Why is the openvpn transfer speed between linux and windows so meager?

U

unwrecker2014-03-13 20:00:07

openvpn

unwrecker, 2014-03-13 20:00:07

On a real Linux machine there is an openvpn server.
On virtual Windows under KVM on hetzner there is an openvpn client.
The speed of file transfer through a vpn channel (regardless of the protocol) is 100-300Kb / s and it floats a lot.
The maximum bandwidth between two machines is 3MB/sec. The same speed is shown by the openvpn client installed on the Linux host of the virtual machine.
With the network interface on virtual Windows, everything is also in order - if you download from the server bypassing vpn, then there will be the same 3MB / s.
However, in the scheme I need, the speed drops by 10 or more times.
I tried to change protocols and encryption, tried to change openvpn versions, played with tun-mtu and mssfix, disabled tls.
There are no more ideas. Unless you pick up a Linux virtual machine next to it and see how openvpn will work in it (although it’s probably normal). You can also try to raise a virtual machine not on hetzner (although it doesn’t matter if it works fine from the host machine).
As a fallback: forward vpn to the host machine and somehow transfer it to the guest machine. But how? As far as I understand, openvpn only allows you to bridge from the server side.
Config on the server:

port 1195
proto udp
auth SHA1
cipher BF-CBC
server-bridge 192.168.200.191 255.255.255.0 192.168.200.192 192.168.200.199
max-clients 7
duplicate-cn
dev tap1
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
up "/etc/openvpn/up br1"
down "/etc/openvpn/down br1"
ifconfig-pool-persist ipp.txt
keepalive 10 600
comp-lzo
persist-key
persist-tun
verb 3
mute 20
status /var/log/openvpn/openvpn200-status.log
log /var/log/openvpn/openvpn200.log
client-config-dir ccd
push "dhcp-option DNS 192.168.200.1"

Config on the client:

client
dev tap
proto udp
remote <my_ip> 1195
route-delay 3
ns-cert-type server
auth SHA1
cipher BF-CBC
ca C:\\OpenVPN\\ssl\\ca.crt
cert C:\\OpenVPN\\ssl\\client.crt
key C:\\OpenVPN\\ssl\\client.key
tls-auth C:\\OpenVPN\\ssl\\ta.key 1
comp-lzo
nobind
pull
persist-key
persist-tun
resolv-retry infinite
verb 3
status C:\\OpenVPN\\log\\openvpn-status.log
log C:\\OpenVPN\\log\\openvpn.log

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

U

unwrecker, 2014-04-18
@unwrecker

There are some moves.
I achieved approximately the same result in two ways:
1. Re-create all the keys and certificates with the easy-rsa windows (in the process, there are many glitches that need to be overcome). Before that, I created keys with Linux easy-rsa (a "openvpn does not respect windows" :) ).
2. Throw a tunnel between the gate and the host machine, and from there across the bridge to the guest machine. Previously, this did not work for me, but all I had to do was to give the bridge an ip manually.
After that, RDP and SFTP from Windows through VPN quickly earned, but SMB had brakes. However, this is probably another topic related to MTU.

V

ValdikSS, 2015-12-29
@ValdikSS

habrahabr.ru/post/246953

H

HasBenBlahBlag, 2014-03-13
@HasBenBlahBlag

openvpn does not respect windows

N

nrgetik, 2014-04-16
@nrgetik

killed the previous two comments (:
openvpn is great friends with any platform (tested on macOS, *nix, Windows XP - 7)
the key can be set to 16 kilos ... you never know what they offer ... what if I'm paranoid.
but where does the speed go for I was still a mystery... I also tried
a lot.The topic can be useful:
www.etegro.ru/articles/encrypted-gigabit
but on channels of different widths in combat mode, the speed drops to the narrowest.