server broadband speed: download 26 Mbps, upload 2.7Mbps.
1) Whats speeds should I expect when connected through this openvpn? Im getting download 2.4Mbps, upload 2.1Mbps. Is that right? Both clients speeds cannot be faster than 3/4 of servers upload speed?
Another question:
Im having problems with connecting to this openvpn from one of the places Im visiting. I think there is a MTU issue in that network. Clients connect to openvpn server and some thing works, other things not.
Sometimes connection stalls, usually with upload not coming through vpn. So I think there is MTU issue in that particular network.
I have run ping test from that network and output is:
from windows:
ping google.com -f -l 1416 - thats the biggest ping I can make it work (1416).
Now the bit that I dont understand: when testing this with android app in logs Im getting info that biggest transferable packet is 1444. That would make sense (1416 + 28 overhead is 1444).
But in wireshark that ping (1416) is shown as 1458 (so 1416 + 42). Where that 42 comes from? I thought calculation is like data (1416) + udp overhead (28) + 20 IP overhead, but that would give 48, not 42.
Anyway, I want to configure client and server for best performance in that network.
Running client with mtu-test option I got output that best MTU is 1413. Why 1413 and not 1416?
I was playing around with client/server settings and I used link-mtu 1413 on both client and server and that seems to be working ok. Is that best solution for performance in this particular network?
Maybe link-mtu 1416 would be better?
Or should I forgot about link-mtu and set some tun-mtu, mssfix and fragment? If so, can you tell me what values should I put?
Also I dont want to this server to be downgraded to use link-mtu 1413 from all places Im connecting to it, so is it possible to make this client working on lower MTU settings and other clients from other
networks works on default settings for best performance?
I think its possible to use link-mtu, tun-mtu and mssfix only on client config and not on server config (with warnings, no errors). Only fragment settings needs to be on both settings.
Please tell me how to solve it.
CLIENT CONFIG:
client
dev tun
proto udp
remote my_domain.com 500
float
cipher AES-256-CBC
comp-lzo yes
keepalive 15 60
auth-user-pass
ns-cert-type server
key-direction 1
resolv-retry infinite
nobind
SERVER CONFIG:
server 10.0.0.0 255.255.255.0
proto udp
port 500
dev tun
cipher AES-256-CBC
comp-lzo yes
keepalive 15 60
verb 3
push "route 10.10.10.0 255.255.255.0"
client-config-dir ccd
client-to-client
ccd-exclusive
route 192.168.2.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
route 192.168.0.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
route 192.168.1.0 255.255.255.0
route 192.168.3.0 255.255.255.0
push "route 192.168.3.0 255.255.255.0"
push "redirect-gateway def1"
tls-auth static.key 0
ca ca.crt
dh dh.pem
cert server.crt
key server.key
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
max-clients 10
1) Whats speeds should I expect when connected through this openvpn? Im getting download 2.4Mbps, upload 2.1Mbps. Is that right? Both clients speeds cannot be faster than 3/4 of servers upload speed?
Another question:
Im having problems with connecting to this openvpn from one of the places Im visiting. I think there is a MTU issue in that network. Clients connect to openvpn server and some thing works, other things not.
Sometimes connection stalls, usually with upload not coming through vpn. So I think there is MTU issue in that particular network.
I have run ping test from that network and output is:
from windows:
ping google.com -f -l 1416 - thats the biggest ping I can make it work (1416).
Now the bit that I dont understand: when testing this with android app in logs Im getting info that biggest transferable packet is 1444. That would make sense (1416 + 28 overhead is 1444).
But in wireshark that ping (1416) is shown as 1458 (so 1416 + 42). Where that 42 comes from? I thought calculation is like data (1416) + udp overhead (28) + 20 IP overhead, but that would give 48, not 42.
Anyway, I want to configure client and server for best performance in that network.
Running client with mtu-test option I got output that best MTU is 1413. Why 1413 and not 1416?
I was playing around with client/server settings and I used link-mtu 1413 on both client and server and that seems to be working ok. Is that best solution for performance in this particular network?
Maybe link-mtu 1416 would be better?
Or should I forgot about link-mtu and set some tun-mtu, mssfix and fragment? If so, can you tell me what values should I put?
Also I dont want to this server to be downgraded to use link-mtu 1413 from all places Im connecting to it, so is it possible to make this client working on lower MTU settings and other clients from other
networks works on default settings for best performance?
I think its possible to use link-mtu, tun-mtu and mssfix only on client config and not on server config (with warnings, no errors). Only fragment settings needs to be on both settings.
Please tell me how to solve it.
CLIENT CONFIG:
client
dev tun
proto udp
remote my_domain.com 500
float
cipher AES-256-CBC
comp-lzo yes
keepalive 15 60
auth-user-pass
ns-cert-type server
key-direction 1
resolv-retry infinite
nobind
SERVER CONFIG:
server 10.0.0.0 255.255.255.0
proto udp
port 500
dev tun
cipher AES-256-CBC
comp-lzo yes
keepalive 15 60
verb 3
push "route 10.10.10.0 255.255.255.0"
client-config-dir ccd
client-to-client
ccd-exclusive
route 192.168.2.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
route 192.168.0.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
route 192.168.1.0 255.255.255.0
route 192.168.3.0 255.255.255.0
push "route 192.168.3.0 255.255.255.0"
push "redirect-gateway def1"
tls-auth static.key 0
ca ca.crt
dh dh.pem
cert server.crt
key server.key
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
max-clients 10