Slow speed on devices NOT using OpenVPN.


OJay

New Around Here
Hi,

I'm having an odd issue with my network. Currently I have:

RT-AC86U: 386.3_2
Connected to a router in modem mode using single WAN.
OpenVPN set up, VPN provider PIA
VPN director rule linking one client (laptop) to 1 VPN interface which is set to start on boot of router.

If there is any other information you need, please ask; I'll be happy to provide it.

The issue that I am having is that, when I try to load web pages on clients that are not connected to the VPN, it takes a long time (upwards of 10 seconds) for pages to load on wifi (the delay is less on ethernet but still there). By contrast, the client connected to VPN loads pages almost very quickly on wifi (considering I'm using VPN, maybe 2-3 seconds using a London-based VPN server from Hungary). If I turn off the VPN client service, then I return to normal behaviour (pages loading almost instantly on wifi for all clients).

Interestingly, if I have OVPN turned on on the router, and I use a client that is not going through OVPN on the router (which would normally take 10 seconds) but I connect on the device itself to a VPN server in Hungary, the page loads instantly.

According to speed tests and the like, I get similar download speeds of around 100mbps on 2.4ghz wifi regardless of the situation (router vpn on + phone vpn off, router vpn on + phone vpn on, router vpn off + phone vpn off), which I'd expect, though the ping is better with phone vpn off, again as I'd expect.

Is this something that anybody else has experienced, or can anybody give me any tips for how to fix this issue, assuming it's not expected behaviour?

Thanks!
 

eibgrad

Very Senior Member
If you're not doing so already, try changing "Accept DNS configuration" on the OpenVPN client to either Exclusive or Disabled.
 

OJay

New Around Here
That seems to have done the trick. Thank you!

I think it may not be quite as fast as having it off but is massively improved (1-2 seconds but really approaching margin of error).

If it's not too much trouble, could you explain why this setting caused this behaviour (or point me in the direction of something I could read to understand)?

Also, by any chance could setting up an SSID for VPN rather than using my current method of assigning the static IP to the VPN have any effect on this? It's something I'm considering (though likely overkill as there are only 1 or 2 devices that I want to go through VPN on my router).

Thanks again
 

eibgrad

Very Senior Member
Here's my thinking.

Specifying Strict or Relaxed causes DNSMasq (the router's DNS proxy) to be reconfigured w/ the DNS server(s) pushed by the OpenVPN server. What that means is that *all* your clients are affected for the purposes of name resolution, whether they are bound to the VPN or WAN. But that can sometimes cause a problem if the client is using one network interface for DNS (e.g., the VPN), but actually accessing the site from a different network interface (e.g., the WAN).

The most glaring example is content streaming sites like Netflix or Amazon. In those cases, they typically won't even work. BOTH the DNS and site access must occur over the WAN. But even for lesser sites, this "mismatch" between the point of access for DNS and site can sometimes cause problems. Presumably DNS results are optimized under the assumption you're going to access that site from the same network interface. But when using Strict or Relaxed, that's not necessarily the case. At least not for those bound to the WAN.

By using Exclusive, you force only those clients bound to VPN to perform DNS over the VPN. Those still bound to the WAN continue to use the WAN/ISP DNS server(s). So everything remains in sync (for lack of a better term). In the case of Disabled, you're simply ignoring the VPN's DNS server and sticking w/ the WAN/ISP servers for both VPN and non-VPN clients. Even then you might have a problem, but w/ VPN clients resolving over the WAN. But in general, it tends to be less of an issue than non-VPN clients resolving over the VPN.
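
The mismatch described in the post above can be checked from dnsmasq's query log. This is an added example, not part of the thread: it assumes dnsmasq query logging (`log-queries`) is enabled, and the client addresses, resolver addresses and log lines are all constructed. It attributes each `forwarded` line to the client that most recently asked for that name, which is a heuristic.

```python
import re
from ipaddress import ip_address

# Constructed sample in dnsmasq's log-queries format; addresses are made up.
SAMPLE_LOG = """\
Jan  1 12:00:01 dnsmasq[511]: query[A] example.com from 192.168.1.20
Jan  1 12:00:01 dnsmasq[511]: forwarded example.com to 10.8.0.1
Jan  1 12:00:01 dnsmasq[511]: reply example.com is 192.0.2.10
Jan  1 12:00:02 dnsmasq[511]: query[A] example.org from 192.168.1.50
Jan  1 12:00:02 dnsmasq[511]: forwarded example.org to 10.8.0.1
Jan  1 12:00:03 dnsmasq[511]: query[A] example.net from 192.168.1.20
Jan  1 12:00:03 dnsmasq[511]: cached example.net is 192.0.2.7
Jan  1 12:00:04 dnsmasq[511]: query[AAAA] example.edu from 192.168.1.50
Jan  1 12:00:04 dnsmasq[511]: forwarded example.edu to 203.0.113.53
"""

QUERY = re.compile(r"dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)$")
FORWARD = re.compile(r"dnsmasq\[\d+\]: forwarded (\S+) to (\S+)$")

def find_mismatches(log_text, vpn_clients, vpn_resolvers):
    """Return (client, name, resolver, problem) for every forwarded lookup
    whose DNS path differs from the path the client's own traffic takes."""
    vpn_clients = {ip_address(c) for c in vpn_clients}
    vpn_resolvers = {ip_address(r) for r in vpn_resolvers}
    last_asker = {}  # name -> client that most recently queried it (heuristic)
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := QUERY.search(line):
            last_asker[m.group(2)] = ip_address(m.group(3))
        elif m := FORWARD.search(line):
            name, resolver = m.group(1), ip_address(m.group(2))
            client = last_asker.get(name)
            if client is None:
                continue  # forward with no visible query: cannot attribute
            client_on_vpn = client in vpn_clients
            dns_on_vpn = resolver in vpn_resolvers
            if dns_on_vpn and not client_on_vpn:
                problem = "WAN client resolving via VPN DNS"
            elif client_on_vpn and not dns_on_vpn:
                problem = "VPN client resolving via WAN DNS"
            else:
                continue  # DNS path and traffic path agree
            findings.append((str(client), name, str(resolver), problem))
    return findings

if __name__ == "__main__":
    # Assumed setup: 192.168.1.50 is the VPN-bound laptop, 10.8.0.1 the pushed resolver.
    for finding in find_mismatches(SAMPLE_LOG, ["192.168.1.50"], ["10.8.0.1"]):
        print(finding)
```

Answers served from dnsmasq's cache produce no `forwarded` line, so they are not flagged.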
 

OJay

New Around Here
Thanks a lot for the explanation! Made sense even to me.

Thanks again for helping me fix the issue.
 
