Slow speed on devices NOT using OpenVPN.

OJay

Occasional Visitor
Hi,

I'm having an odd issue with my network. Currently I have:

RT-AC86U: 386.3_2
Connected to a router in modem mode using single WAN.
OpenVPN set up, VPN provider PIA
VPN director rule linking one client (laptop) to 1 VPN interface which is set to start on boot of router.

If there is any other information you need, please ask; I'll be happy to provide it.

The issue that I am having is that, when I try to load web pages on clients that are not connected to the VPN, it takes a long time (upwards of 10 seconds) for pages to load on wifi (the delay is less on ethernet but still there). By contrast, the client connected to VPN loads pages almost very quickly on wifi (considering I'm using VPN, maybe 2-3 seconds using a London-based VPN server from Hungary). If I turn off the VPN client service, then I return to normal behaviour (pages loading almost instantly on wifi for all clients).

Interestingly, if I have OVPN turned on on the router, and I use a client that is not going through OVPN on the router (which would normally take 10 seconds) but I connect on the device itself to a VPN server in Hungary, the page loads instantly.

According to speed tests and the like, I get similar download speeds of around 100 Mbps on 2.4 GHz wifi regardless of the situation (router VPN on + phone VPN off, router VPN on + phone VPN on, router VPN off + phone VPN off), which I'd expect, though the ping is better with phone VPN off, again as I'd expect.

Is this something that anybody else has experienced, or can anybody give me any tips for how to fix this issue, assuming it's not expected behaviour?

Thanks!
 
If you're not doing so already, try changing "Accept DNS configuration" on the OpenVPN client to either Exclusive or Disabled.
 
That seems to have done the trick. Thank you!

I think it may not be quite as fast as having it off but is massively improved (1-2 seconds but really approaching margin of error).

If it's not too much trouble, could you explain why this setting caused this behaviour (or point me in the direction of something I could read to understand)?

Also, by any chance, could setting up an SSID for VPN rather than using my current method of assigning the static IP to the VPN have any effect on this? It's something I'm considering (though likely overkill, as there are only 1 or 2 devices that I want to go through VPN on my router).

Thanks again
 
Here's my thinking.

Specifying Strict or Relaxed causes DNSMasq (the router's DNS proxy) to be reconfigured w/ the DNS server(s) push'd by the OpenVPN server. What that means is that *all* your clients are affected for the purposes of name resolution, whether they are bound to the VPN or WAN. But that can sometimes cause a problem if the client is using one network interface for DNS (e.g., the VPN), but actually accessing the site from a different network interface (e.g., the WAN).

The most glaring example is content streaming sites like Netflix or Amazon. In those cases, they typically won't even work. BOTH the DNS and site access must occur over the WAN. But even for lesser sites, this "mismatch" between the point of access for DNS and site can sometimes cause problems. Presumably DNS results are optimized under the assumption you're going to access that site from the same network interface. But when using Strict or Relaxed, that's not necessarily the case. At least not for those bound to the WAN.

By using Exclusive, you force only those clients bound to VPN to perform DNS over the VPN. Those still bound to the WAN continue to use the WAN/ISP DNS server(s). So everything remains in-sync (for lack of a better term). In the case of Disabled, you're simply ignoring the VPN's DNS server and sticking w/ the WAN/ISP servers for both VPN and non-VPN clients. Even then you might have a problem, but w/ VPN clients resolving over the WAN. But in general, it tends to be less of an issue than non-VPN clients resolving over the VPN.
 
Thanks a lot for the explanation! Made sense even to me.

Thanks again for helping me fix the issue.
 