Answer the question
In order to leave comments, you need to log in
B
B
Bermut2021-12-07 05:08:30
Bermut, 2021-12-07 05:08:30
Why such low speed with openvpn?
In general, there is an openvpn server in Germany, the Contabo provider, as well as the main Internet provider at home, the mobile Megafon, the Moscow region, recently I have been observing a decrease in the speed of the tunnel to 128kbps, it all started at about the same moment with the blocking of tor'a (I it is blocked), I have been using this server for 5 months already, and before that everything was fine, I see such a problem only at night, from about 2:00 to 6:00 Moscow time, reconnecting to the server helps, and then for a short period, about 10 -15 minutes, after that the speed drops again. This problem is also observed on other devices with the same configuration that are connected to Megafon. Openvpn is deployed on port 55431, it seems to me, or is the RKN starting to block openvpn? By the way, with the same server configuration only in Moscow (that is, the Moscow server), the speed is consistently maximum. And if, nevertheless, this is not an ILV, then what can be done to solve the problem?
server configuration
port 55431
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_x.crt
key server_x.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
port 55431
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_x.crt
key server_x.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
Client configuration
client
proto udp
explicit-exit-notify
remote 1.1.1.1 55431
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_x name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
ip-win32 netsh
route 192.168.0.0 255.255.0.0 10.1.0.1
route 10.2.0.0 255.255.255.0 10.1.0.1
-----BEGIN CERTIFICATE-----
u
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
y
-----END CERTIFICATE-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
x
-----END ENCRYPTED PRIVATE KEY-----
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
z
-----END OpenVPN Static key V1-----
proto udp
explicit-exit-notify
remote 1.1.1.1 55431
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_x name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
ip-win32 netsh
route 192.168.0.0 255.255.0.0 10.1.0.1
route 10.2.0.0 255.255.255.0 10.1.0.1
-----BEGIN CERTIFICATE-----
u
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
y
-----END CERTIFICATE-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
x
-----END ENCRYPTED PRIVATE KEY-----
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
z
-----END OpenVPN Static key V1-----
2 answer(s)
@res2001
If it started, then the speed would drop to zero.
To begin with, it is worth measuring the delays on the path of packets from home to the VPN server. This should be done when the speed is normal and when the speed has dropped. Take measurements for several days to collect statistics. By comparing delays, you can find where there are speed dips along the way. It is possible that during the speed dip the route of the packets changes, etc.
Measure delays not within the VPN, but over a "clean" channel. Latency can be measured using traceroute (tracert) or using iperf.
If your operators have speed failures (Megaphone or Contabo), then you can try to communicate with the support of operators. If it is somewhere in the middle, with other operators, then it is hardly possible to really do something. Probably just change your operator, or try to somehow influence through your operator, providing him with statistics.
R
res2001, 2021-12-07 @res2001
RKN starts blocking openvpn?
If it started, then the speed would drop to zero.
To begin with, it is worth measuring the delays on the path of packets from home to the VPN server. This should be done when the speed is normal and when the speed has dropped. Take measurements for several days to collect statistics. By comparing delays, you can find where there are speed dips along the way. It is possible that during the speed dip the route of the packets changes, etc.
Measure delays not within the VPN, but over a "clean" channel. Latency can be measured using traceroute (tracert) or using iperf.
If your operators have speed failures (Megaphone or Contabo), then you can try to communicate with the support of operators. If it is somewhere in the middle, with other operators, then it is hardly possible to really do something. Probably just change your operator, or try to somehow influence through your operator, providing him with statistics.
Similar questions
S
I
E
C
K
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question