angristan / openvpn-install

Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.
https://stanislas.blog
MIT License

Speed issues since 594486c #336

Closed loadcorp closed 5 years ago

loadcorp commented 6 years ago

Starting from the "Rework iptables handling (#291)" changes (https://github.com/angristan/openvpn-install/commit/594486c1772f84c3a4461000dcf6583d32eac68f), the script is not working.

But one update before, "Merge branch 'sysctl'" (https://github.com/angristan/openvpn-install/commit/67feb344460e7f8e54d9005f1bfe280346fcac59), is working well.

Both updates were on Sep 16.

During configuration I do not use IPv6.

My system configuration: Ubuntu 16.04, 1 CPU, 1024 MB memory, 40 GB SSD. Also, I am using Qubes, and I am doing my VPN installation as described here: https://www.qubes-os.org/doc/vpn/

angristan commented 6 years ago

Can you explain "not working"?

loadcorp commented 6 years ago

For example, when I manually start the VPN:

[user@vpn-usb-1 vpn]$ sudo openvpn --cd /rw/config/vpn --config openvpn-client.ovpn
Thu Oct 18 04:01:08 2018 Unrecognized option or missing or extra parameter(s) in openvpn-client.ovpn:17: block-outside-dns (2.4.6)
Thu Oct 18 04:01:08 2018 OpenVPN 2.4.6 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 26 2018
Thu Oct 18 04:01:08 2018 library versions: OpenSSL 1.1.0h-fips  27 Mar 2018, LZO 2.08
Thu Oct 18 04:01:08 2018 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Oct 18 04:01:08 2018 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Oct 18 04:01:08 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]'ip':443
Thu Oct 18 04:01:08 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Oct 18 04:01:08 2018 UDP link local: (not bound)
Thu Oct 18 04:01:08 2018 UDP link remote: [AF_INET]'ip':443
Thu Oct 18 04:01:08 2018 TLS: Initial packet from [AF_INET]'ip':443, sid=1a2ba2c9 b232baa1
Thu Oct 18 04:01:09 2018 VERIFY OK: depth=1, CN=cn_6Ypsrf2ac3PIGGZY
Thu Oct 18 04:01:09 2018 VERIFY KU OK
Thu Oct 18 04:01:09 2018 Validating certificate extended key usage
Thu Oct 18 04:01:09 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Oct 18 04:01:09 2018 VERIFY EKU OK
Thu Oct 18 04:01:09 2018 VERIFY X509NAME OK: CN=server_01fDDCu9chEMKkwt
Thu Oct 18 04:01:09 2018 VERIFY OK: depth=0, CN=server_01fDDCu9chEMKkwt
Thu Oct 18 04:01:09 2018 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES128-GCM-SHA256, 3072 bit RSA
Thu Oct 18 04:01:09 2018 [server_01fDDCu9chEMKkwt] Peer Connection Initiated with [AF_INET]'ip':443
Thu Oct 18 04:01:10 2018 SENT CONTROL [server_01fDDCu9chEMKkwt]: 'PUSH_REQUEST' (status=1)
Thu Oct 18 04:01:10 2018 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'
Thu Oct 18 04:01:10 2018 OPTIONS IMPORT: timers and/or timeouts modified
Thu Oct 18 04:01:10 2018 OPTIONS IMPORT: --ifconfig/up options modified
Thu Oct 18 04:01:10 2018 OPTIONS IMPORT: route options modified
Thu Oct 18 04:01:10 2018 OPTIONS IMPORT: route-related options modified
Thu Oct 18 04:01:10 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Oct 18 04:01:10 2018 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Oct 18 04:01:10 2018 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Oct 18 04:01:10 2018 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Oct 18 04:01:10 2018 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Oct 18 04:01:10 2018 ROUTE_GATEWAY 10.137.0.26
Thu Oct 18 04:01:10 2018 TUN/TAP device tun1 opened
Thu Oct 18 04:01:10 2018 TUN/TAP TX queue length set to 100
Thu Oct 18 04:01:10 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Oct 18 04:01:10 2018 /sbin/ip link set dev tun1 up mtu 1500
Thu Oct 18 04:01:10 2018 /sbin/ip addr add dev tun1 10.8.0.2/24 broadcast 10.8.0.255
Thu Oct 18 04:01:10 2018 /sbin/ip route add 'ip' via 10.137.0.26
RTNETLINK answers: File exists
Thu Oct 18 04:01:10 2018 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Oct 18 04:01:10 2018 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
RTNETLINK answers: File exists
Thu Oct 18 04:01:10 2018 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Oct 18 04:01:10 2018 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
RTNETLINK answers: File exists
Thu Oct 18 04:01:10 2018 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Oct 18 04:01:10 2018 Initialization Sequence Completed

When I start it manually and try to use the browser, the page does not load.

angristan commented 6 years ago

The routes can't be added on your client: RTNETLINK answers: File exists

loadcorp commented 6 years ago

The first client was Fedora 26, which I already posted here.

Now I did the same manual start on Fedora 27-28 and have the same problem (no connection); I can't even ping any IP.

[user@vpn27 vpn]$ sudo openvpn --cd /rw/config/vpn --config openvpn-client.ovpn
Thu Oct 18 07:35:14 2018 Unrecognized option or missing or extra parameter(s) in openvpn-client.ovpn:17: block-outside-dns (2.4.6)
Thu Oct 18 07:35:14 2018 OpenVPN 2.4.6 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 26 2018
Thu Oct 18 07:35:14 2018 library versions: OpenSSL 1.1.0i-fips  14 Aug 2018, LZO 2.08
Thu Oct 18 07:35:14 2018 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Oct 18 07:35:14 2018 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Oct 18 07:35:14 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]'ip':443
Thu Oct 18 07:35:14 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Oct 18 07:35:14 2018 UDP link local: (not bound)
Thu Oct 18 07:35:14 2018 UDP link remote: [AF_INET]'ip':443
Thu Oct 18 07:35:14 2018 TLS: Initial packet from [AF_INET]'ip':443, sid=b48fcbb2 abb7afce
Thu Oct 18 07:35:15 2018 VERIFY OK: depth=1, CN=cn_6Ypsrf2ac3PIGGZY
Thu Oct 18 07:35:15 2018 VERIFY KU OK
Thu Oct 18 07:35:15 2018 Validating certificate extended key usage
Thu Oct 18 07:35:15 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Oct 18 07:35:15 2018 VERIFY EKU OK
Thu Oct 18 07:35:15 2018 VERIFY X509NAME OK: CN=server_01fDDCu9chEMKkwt
Thu Oct 18 07:35:15 2018 VERIFY OK: depth=0, CN=server_01fDDCu9chEMKkwt
Thu Oct 18 07:35:15 2018 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES128-GCM-SHA256, 3072 bit RSA
Thu Oct 18 07:35:15 2018 [server_01fDDCu9chEMKkwt] Peer Connection Initiated with [AF_INET]'ip':443
Thu Oct 18 07:35:16 2018 SENT CONTROL [server_01fDDCu9chEMKkwt]: 'PUSH_REQUEST' (status=1)
Thu Oct 18 07:35:16 2018 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'
Thu Oct 18 07:35:16 2018 OPTIONS IMPORT: timers and/or timeouts modified
Thu Oct 18 07:35:16 2018 OPTIONS IMPORT: --ifconfig/up options modified
Thu Oct 18 07:35:16 2018 OPTIONS IMPORT: route options modified
Thu Oct 18 07:35:16 2018 OPTIONS IMPORT: route-related options modified
Thu Oct 18 07:35:16 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Oct 18 07:35:16 2018 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Oct 18 07:35:16 2018 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Oct 18 07:35:16 2018 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Oct 18 07:35:16 2018 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Oct 18 07:35:16 2018 ROUTE_GATEWAY 10.137.0.26
Thu Oct 18 07:35:16 2018 TUN/TAP device tun0 opened
Thu Oct 18 07:35:16 2018 TUN/TAP TX queue length set to 100
Thu Oct 18 07:35:16 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Oct 18 07:35:16 2018 /sbin/ip link set dev tun0 up mtu 1500
Thu Oct 18 07:35:16 2018 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
Thu Oct 18 07:35:16 2018 /sbin/ip route add 'ip' via 10.137.0.26
Thu Oct 18 07:35:16 2018 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Thu Oct 18 07:35:16 2018 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Thu Oct 18 07:35:16 2018 Initialization Sequence Completed

loadcorp commented 6 years ago

Also, I tried to install the latest script version on Debian 9 and got this result:

[user@vpn-usb-1]$ sudo openvpn --cd /rw/config/vpn --config openvpn-client.ovpn
Thu Oct 18 10:55:42 2018 Unrecognized option or missing or extra parameter(s) in openvpn-client.ovpn:17: block-outside-dns (2.4.6)
Thu Oct 18 10:55:42 2018 OpenVPN 2.4.6 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 26 2018
Thu Oct 18 10:55:42 2018 library versions: OpenSSL 1.1.0h-fips  27 Mar 2018, LZO 2.08
Thu Oct 18 10:55:42 2018 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Oct 18 10:55:42 2018 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Oct 18 10:55:42 2018 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Oct 18 10:55:42 2018 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Oct 18 10:55:42 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]'ip':443
Thu Oct 18 10:55:42 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Oct 18 10:55:42 2018 UDP link local: (not bound)
Thu Oct 18 10:55:42 2018 UDP link remote: [AF_INET]'ip':443
Thu Oct 18 10:56:42 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Oct 18 10:56:42 2018 TLS Error: TLS handshake failed
Thu Oct 18 10:56:42 2018 SIGUSR1[soft,tls-error] received, process restarting
Thu Oct 18 10:56:42 2018 Restart pause, 5 second(s)
Thu Oct 18 10:56:47 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]'ip':443
Thu Oct 18 10:56:47 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Oct 18 10:56:47 2018 UDP link local: (not bound)
Thu Oct 18 10:56:47 2018 UDP link remote: [AF_INET]'ip':443
Thu Oct 18 10:57:47 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Oct 18 10:57:47 2018 TLS Error: TLS handshake failed
Thu Oct 18 10:57:47 2018 SIGUSR1[soft,tls-error] received, process restarting
Thu Oct 18 10:57:47 2018 Restart pause, 5 second(s)
Thu Oct 18 10:57:52 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]'ip':443
Thu Oct 18 10:57:52 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Oct 18 10:57:52 2018 UDP link local: (not bound)
Thu Oct 18 10:57:52 2018 UDP link remote: [AF_INET]'ip':443

angristan commented 5 years ago

Is there anything interesting in the server log? journalctl -f -u openvpn@server

loadcorp commented 5 years ago

I ran this command on the server:

root@name:~# journalctl -f -u openvpn@server
-- Logs begin at Thu 2018-10-18 10:48:48 EDT. --
Oct 18 10:50:57 name systemd[1]: openvpn@server.service: Failed to set invocation ID on control group /system.slice/system-openvpn.slice/openvpn@server.service, ignoring: Operation not permitted
Oct 18 10:50:57 name systemd[1]: Starting OpenVPN connection to server...
Oct 18 10:50:57 name ovpn-server[925]: OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
Oct 18 10:50:57 name ovpn-server[925]: library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.08
Oct 18 10:50:57 name ovpn-server[925]: daemon() failed or unsupported: Resource temporarily unavailable (errno=11)
Oct 18 10:50:57 name ovpn-server[925]: Exiting due to fatal error
Oct 18 10:50:57 name systemd[1]: openvpn@server.service: Control process exited, code=exited status=1
Oct 18 10:50:57 name systemd[1]: Failed to start OpenVPN connection to server.
Oct 18 10:50:57 name systemd[1]: openvpn@server.service: Unit entered failed state.
Oct 18 10:50:57 name systemd[1]: openvpn@server.service: Failed with result 'exit-code'.

loadcorp commented 5 years ago

I also tried the latest version of the script on the latest version of Ubuntu:

[user@vpn-usb-1]$ sudo mv openvpn-client.ovpn /rw/config/vpn
[user@vpn-usb-1]$ ls
[user@vpn-usb-1]$ sudo nano /rw/config/vpn/openvpn-client.ovpn
[user@vpn-usb-1]$ sudo openvpn --cd /rw/config/vpn --config openvpn-client.ovpn
Fri Oct 19 12:09:18 2018 Unrecognized option or missing or extra parameter(s) in openvpn-client.ovpn:17: block-outside-dns (2.4.6)
Fri Oct 19 12:09:18 2018 OpenVPN 2.4.6 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 26 2018
Fri Oct 19 12:09:18 2018 library versions: OpenSSL 1.1.0h-fips  27 Mar 2018, LZO 2.08
Fri Oct 19 12:09:18 2018 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Oct 19 12:09:18 2018 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Oct 19 12:09:18 2018 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Oct 19 12:09:18 2018 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Oct 19 12:09:18 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]'ip':443
Fri Oct 19 12:09:18 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Oct 19 12:09:18 2018 UDP link local: (not bound)
Fri Oct 19 12:09:18 2018 UDP link remote: [AF_INET]'ip':443
Fri Oct 19 12:09:19 2018 TLS: Initial packet from [AF_INET]'ip':443, sid=d0f5ebbf 1d357275
Fri Oct 19 12:09:21 2018 VERIFY OK: depth=1, CN=cn_9JXvJ2GIY5oGOzlV
Fri Oct 19 12:09:21 2018 VERIFY KU OK
Fri Oct 19 12:09:21 2018 Validating certificate extended key usage
Fri Oct 19 12:09:21 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Oct 19 12:09:21 2018 VERIFY EKU OK
Fri Oct 19 12:09:21 2018 VERIFY X509NAME OK: CN=server_v9l4eS1VAeZuu0yX
Fri Oct 19 12:09:21 2018 VERIFY OK: depth=0, CN=server_v9l4eS1VAeZuu0yX
Fri Oct 19 12:09:23 2018 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit EC, curve: prime256v1
Fri Oct 19 12:09:23 2018 [server_v9l4eS1VAeZuu0yX] Peer Connection Initiated with [AF_INET]'ip':443
Fri Oct 19 12:09:24 2018 SENT CONTROL [server_v9l4eS1VAeZuu0yX]: 'PUSH_REQUEST' (status=1)
Fri Oct 19 12:09:25 2018 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
Fri Oct 19 12:09:25 2018 OPTIONS IMPORT: timers and/or timeouts modified
Fri Oct 19 12:09:25 2018 OPTIONS IMPORT: --ifconfig/up options modified
Fri Oct 19 12:09:25 2018 OPTIONS IMPORT: route options modified
Fri Oct 19 12:09:25 2018 OPTIONS IMPORT: route-related options modified
Fri Oct 19 12:09:25 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Oct 19 12:09:25 2018 OPTIONS IMPORT: peer-id set
Fri Oct 19 12:09:25 2018 OPTIONS IMPORT: adjusting link_mtu to 1624
Fri Oct 19 12:09:25 2018 OPTIONS IMPORT: data channel crypto options modified
Fri Oct 19 12:09:25 2018 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Fri Oct 19 12:09:25 2018 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Fri Oct 19 12:09:25 2018 ROUTE_GATEWAY 10.137.0.26
Fri Oct 19 12:09:25 2018 TUN/TAP device tun0 opened
Fri Oct 19 12:09:25 2018 TUN/TAP TX queue length set to 100
Fri Oct 19 12:09:25 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Oct 19 12:09:25 2018 /sbin/ip link set dev tun0 up mtu 1500
Fri Oct 19 12:09:25 2018 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
Fri Oct 19 12:09:25 2018 /sbin/ip route add 'ip' via 10.137.0.26
Fri Oct 19 12:09:25 2018 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Fri Oct 19 12:09:25 2018 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Fri Oct 19 12:09:25 2018 Initialization Sequence Completed

But I still can't open any pages on the client side; this time the browser loads for a very long time and the page stays in the loading state the whole time.

I tried to ping through the VPN on the client side to understand what the problem is and got this:

[user@vpn-usb-1 ~]$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=240 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=116 time=278 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=116 time=277 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=116 time=275 ms

But at the same time I tried to ping without the VPN, just on the server side, and got much better results:

root@name:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=34.5 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=116 time=34.6 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=116 time=34.4 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=116 time=34.4 ms

P.S. I must say that this version of the script - https://github.com/angristan/openvpn-install/commit/67feb344460e7f8e54d9005f1bfe280346fcac59 - works very well and very fast, but unfortunately it is the old version.

angristan commented 5 years ago

OK, so the issue is not that you can't connect but that it is slow.

67feb34 has nothing to do with that (it is just a bash rewrite, it does the exact same thing).

Well we can't really do anything about speed issues. It may be a peering issue or latency issue between the client and the server...
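The client logs posted above end in three different ways: route add failures followed by "Initialization Sequence Completed", a TLS handshake timeout, and a clean start. As an added example that is not part of the thread or of the openvpn-install project, this script classifies an OpenVPN 2.4 client log by those signatures; the sample log is constructed in the format quoted above and 203.0.113.10 is a placeholder address.

```python
import re

# Signatures copied from the OpenVPN 2.4 client log formats quoted in this thread.
OPTION_ERR = re.compile(r"Unrecognized option or missing or extra parameter\(s\) in \S+:\d+: (\S+)")
ROUTE_CMD = re.compile(r"/sbin/ip route add (\S+) via (\S+)")
ROUTE_ERR = "ERROR: Linux route add command failed"
TLS_TIMEOUT = "TLS Error: TLS key negotiation failed"
INIT_DONE = "Initialization Sequence Completed"
DATA_CIPHER = re.compile(r"Outgoing Data Channel: Cipher '([^']+)'")
# "Authentication" is logged with tls-auth, "Encryption" with tls-crypt.
CONTROL_WRAP = re.compile(r"Outgoing Control Channel (Authentication|Encryption):")


def triage(log_text):
    """Classify one OpenVPN client log by the failure signatures it contains."""
    r = {"unrecognized_options": [], "failed_routes": [], "tls_timeouts": 0,
         "data_cipher": None, "control_wrap": None, "initialized": False}
    last_route = None
    for line in log_text.splitlines():
        if m := OPTION_ERR.search(line):
            r["unrecognized_options"].append(m.group(1))
        elif m := ROUTE_CMD.search(line):
            last_route = m.group(1)
        elif ROUTE_ERR in line and last_route is not None:
            r["failed_routes"].append(last_route)  # error follows the failed command
            last_route = None
        elif TLS_TIMEOUT in line:
            r["tls_timeouts"] += 1
        elif m := DATA_CIPHER.search(line):
            r["data_cipher"] = m.group(1)
        elif m := CONTROL_WRAP.search(line):
            r["control_wrap"] = "tls-auth" if m.group(1) == "Authentication" else "tls-crypt"
        elif INIT_DONE in line:
            r["initialized"] = True
    up, failed = r["initialized"], r["failed_routes"]
    if r["tls_timeouts"] and not up:
        r["verdict"] = "no-handshake"
    elif up:
        r["verdict"] = "up-but-routes-not-installed" if failed else "up"
    else:
        r["verdict"] = "incomplete"
    return r


# Constructed sample in the format of the first client log above.
SAMPLE = """\
Thu Oct 18 04:01:08 2018 Unrecognized option or missing or extra parameter(s) in openvpn-client.ovpn:17: block-outside-dns (2.4.6)
Thu Oct 18 04:01:08 2018 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Oct 18 04:01:10 2018 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Oct 18 04:01:10 2018 /sbin/ip route add 203.0.113.10/32 via 10.137.0.26
RTNETLINK answers: File exists
Thu Oct 18 04:01:10 2018 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Oct 18 04:01:10 2018 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
RTNETLINK answers: File exists
Thu Oct 18 04:01:10 2018 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Oct 18 04:01:10 2018 Initialization Sequence Completed
"""
if __name__ == "__main__":
    print(triage(SAMPLE))
```

A verdict of `up-but-routes-not-installed` means the client logged "Initialization Sequence Completed" even though this instance did not add the redirect-gateway routes, so the routing table should be inspected before assuming traffic goes through the tunnel.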

loadcorp commented 5 years ago

I suppose the problem with the slow connection is in the latest version of your script (with this slow connection, pages do not open in the browser even after 5 minutes).

I tested many versions of your script with your different commits. But on the same client and server, your old script (https://github.com/angristan/openvpn-install/commit/67feb344460e7f8e54d9005f1bfe280346fcac59) works very fast. That's why I think this is not a problem with peering or latency like you said. For example, with this version the ping is always about 60-70 ms. That is much less than 240-270 ms.

angristan commented 5 years ago

Did you actually try 67feb34 recently?

loadcorp commented 5 years ago

Yes, I can try it again now. And I can send you access to the server at your email address if you want to check, or I can give you the .ovpn config file with this version.

angristan commented 5 years ago

OK, let's do that. You can get my email address from the commits.

loadcorp commented 5 years ago

Sent to your email with my notes.

angristan commented 5 years ago

Thanks

angristan commented 5 years ago

I was able to test both versions of the script on your server. I did a speedtest from France. I noticed the same ping latency on both versions, and speeds ranging from 1 Mb/s to 30 Mb/s on both download and upload and on both versions of the script. To me, your connection is just unstable.

For example: I tested with 67feb34, got 30 Mb/s of download, then tested with master and got 25 Mb/s, then 67feb34 with 1 Mb/s, then master with 2 Mb/s... This is not a script issue.

loadcorp commented 5 years ago

OK. I see that you used the default 1194 port and turned on LZ4 compression. I tried this config and the speed is actually much better than mine. I also tried port 1194 without LZ4 (because of the VORACLE attack vulnerability) and the speed was OK too.

But when I tried to use port 443 (I am using this to hide from websites that I am using a VPN), the speed became very slow. I tried many times and I think this is the real problem: when I choose a non-default port. I see in the browser how long "Performing a TLS handshake to..." takes for any site I try to open. After this I get "The connection has timed out".

angristan commented 5 years ago

> But when I tried to use port 443 (I am using this to hide from websites that I am using a VPN)

Using port 443 won't hide anything from websites, FYI