OpenVPN Speed Issue

[ronan_zj]

more pics

 

[Find the Door]

Vpn provider: ipvanish

Connection method: hardwired (gateway)

Speed without vpn: 170 down, 25 up

Speed with: 35 down (avg), 10 up



I keep getting randomly disconnected in games of Madden. Is there anything here that would indicate a drop and why?

Also how do I change the cipher value to a lower bit? I'd rather have 128 being that it won't hog as much bandwidth.

Thanks!

Aug 17 03:12:57 openvpn[4146]: /usr/sbin/ip route add 0.0.0.0/1 via 172.20.16.1

Aug 17 03:12:57 openvpn[4146]: /usr/sbin/ip route add 128.0.0.0/1 via 172.20.16.1

Aug 17 03:12:57 openvpn-routing: Skipping, client 1 not in routing policy mode

Aug 17 03:12:57 openvpn[4146]: Initialization Sequence Completed

Aug 17 03:30:27 dnsmasq-dhcp[4193]: DHCPDISCOVER(br0) 192.168.1.50 00:d9:d1:d7:d0:bf

Aug 17 03:30:27 dnsmasq-dhcp[4193]: DHCPOFFER(br0) 192.168.1.50 00:d9:d1:d7:d0:bf

Aug 17 03:30:27 dnsmasq-dhcp[4193]: DHCPREQUEST(br0) 192.168.1.50 00:d9:d1:d7:d0:bf

Aug 17 03:30:27 dnsmasq-dhcp[4193]: DHCPACK(br0) 192.168.1.50 00:d9:d1:d7:d0:bf

Aug 17 04:12:53 openvpn[4146]: TLS: soft reset sec=0 bytes=409759404/0 pkts=545163/0

Aug 17 04:12:53 openvpn[4146]: VERIFY OK: depth=1, /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=IPVanish_CA/emailAddress=support@ipvanish.com

Aug 17 04:12:53 openvpn[4146]: VERIFY X509NAME OK: /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=sea-a05.ipvanish.com/emailAddress=support@ipvanish.com

Aug 17 04:12:53 openvpn[4146]: VERIFY OK: depth=0, /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=sea-a05.ipvanish.com/emailAddress=support@ipvanish.com

Aug 17 04:12:53 openvpn[4146]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Aug 17 04:12:53 openvpn[4146]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication

Aug 17 04:12:53 openvpn[4146]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Aug 17 04:12:53 openvpn[4146]: Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication

Aug 17 04:12:53 openvpn[4146]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

 

[Calisro]

I just did OC 1200/800 on my AC68 and I still got no performance change .
I have attached screen shots on my OpenVPN setup and test result here.
with OpenVPN off, I have full speed 21Mb/s.
With OpenVPN on, my connection speed is 9Mb/s which is 50% drop.

Wait. You're trying to compare your speed without a VPN at all to the speed of a VPN? That's not fair.... Perhaps you should try other gateways. Your VPN settings look fine.

 

[ronan_zj]

Wait. You're trying to compare your speed without a VPN at all to the speed of a VPN? That's not fair.... Perhaps you should try other gateways. Your VPN settings look fine.

Sorry about confusion. I also did speed test when I use PIA software on my desktop( connect to same server), and I got full speed, so its shows PIA software on my PC provides faster connection speed than OpenVPN on the AC68 router.

 

[john9527]

I'm beginning to think that the people who are having trouble getting good speeds with PIA VPN are actually running into traffic shaping by their ISP, and somehow the PIA VPN app is using a slightly non-standard protocol that fools the shaping algorithms. I believe that some VPN providers actually highlight a special protocol as a feature for use in countries that block normal VPN traffic.

 

[Calisro]

I know the pia vpn app works very differently than openvpn itself. They've modified the openvpn source. It also uses a web service to get a least busy server to connect to unlike the dns names we use statically in our openvon configs.

Someone who is having issues on the router should try openvpn on their desktop versus pia app on the same desktop.

EFI

 

[MediaMan09]

I know the pia vpn app works very differently than openvpn itself. They've modified the openvpn source. It also uses a web service to get a least busy server to connect to unlike the dns names we use statically in our openvon configs.

Someone who is having issues on the router should try openvpn on their desktop versus pia app on the same desktop.

EFI

I'm one of the users having issues on the router vs the PIA app. I am getting:

-near isp max (about 80 Mbps) on the PIA windows client - (clearly happy)
-75% of max (about 60 Mbps) using OpenVPN windows clieint (on a different VPN provider - no need to test it on PIA)
-about 30% of max (20-25 Mbps) using OpenVPN Client (Client 1) on the Router.

On the later I have these type of settings:

server = us-east.privateinternetaccess.com
accept DNS=relaxed
encyption=AES-128-CBC ( port set to 1196)
compression=adpative
tls renegotiation= -1
connection retry=30
custom config:
persist-key
persist-tun
tls-client
comp-lzo
verb 1
reneg-sec 0

Any obvious tweaks I should try?

 

[Calisro]

You dhould grab a ovpn file from the pia website and try it on your desktop openvpn. That way it is a good comparison... but there are really not any tweaks to try with your setup from my point of view. i have the same setup...

 

[ronan_zj]

right now I could not access my rouger GUI, does anyone know what I should do?
I have tried reset the router, and it works for a while, but after 30 mins or 1 hour later, I couldn't connect to webGUI anymore. I have no issue to ping or telnet the getway ip address.

 

[Calisro]

right now I could not access my rouger GUI, does anyone know what I should do?
I have tried reset the router, and it works for a while, but after 30 mins or 1 hour later, I couldn't connect to webGUI anymore. I have no issue to ping or telnet the getway ip address.

This is off topic for this thread. You should open a new thread for help but while i'm replying:

1) if you overclocked, back it down a bit
2) my jffs has gotten corrupted before and gave symptoms like this. reformat it in the gui.
2) if not, you may want to consider a factory reset (you can use the backup utility to save your settings before doing it. search the forums for it)

if more help needed, open a new thread.

 

[ronan_zj]

hmm, I am currently on DDWRT build, and I have also tested its OpenVPN client. I use the tutorial setup from PIA, and I get the full speed. (21.74 Mb/s DL, 1.84 Mb/s UL).

 

[ronan_zj]

Does Merlin and DDWRT have different OpenVPN client? I am currently on DDWRT, and I could get full speed via OpenVPN, but I could only get 50% speed if I use Merlin build OpenVPN.

 

[Calisro]

are you sure you are testing consistently? using some pia regional pool and speedtest.net is not consistent testing....

 

[ronan_zj]

are you sure you are testing consistently? using some pia regional pool and speedtest.net is not consistent testing....

I will try it again since I have 2 AC68s, one with Merlin build as my backup router, another one is DDWRT.

 

[Find the Door]

Thinking about renting a high speed vps and configuring it with an openvpn.

Would this yield better results and less overhead?

 

[MediaMan09]

I will try it again since I have 2 AC68s, one with Merlin build as my backup router, another one is DDWRT.

Thanks for doing that ; it would be interesting to see how they compare re OpenVPN client speed.

Also, are your settings similar to what was posted above, ie

server = us-east.privateinternetaccess.com
accept DNS=relaxed
encyption=AES-128-CBC ( port set to 1196)
compression=adpative
tls renegotiation= -1
connection retry=30
custom config:
persist-key
persist-tun
tls-client
comp-lzo
verb 1
reneg-sec 0​

 

[Calisro]

Thinking about renting a high speed vps and configuring it with an openvpn.

Would this yield better results and less overhead?

Depends on the vps. Also the cost vs result.

 

[Calisro]

Thinking about renting a high speed vps and configuring it with an openvpn.

Would this yield better results and less overhead?

Also make sure if you use speedtest.net, make sure you try different servers and multiple of them. I've seen widely variable results with the same server when tested over and over (could be pia or could be test server).

 

[ronan_zj]

Sorry for the late update.
I just test my another AC-68R with Merlin 378.52_2 firmware with OpenVPN enabled, I could get maximum connection speed via Speedtest connecting to different servers in the California.

 

[sfx2000]

Just a quick note - if one is just using OpenVPN to geo-unlock content - e.g. watch Netflix/Hulu/BBC from another location, one might consider turning off encryption all together - still using SSL to authenticate obviously - the performance you find might be surprising, getting close to near-wire speed...