Closed PeterCxy closed 7 years ago
There are bunches of these things in the openvpn client-side log. It seems to be related to packet loss, but I am sure that the packet loss between the client and the server is 0% most of the time, or the normal TCP connections could not have reached ~80Mbps.
Try to use --cipher xor --auth nonce to avoid peformance problem. Try to add --sock-buf 10240 to avoid buffer problem.
Observe if throughput become better.
And,could your plz post your openvpn conf files of both sides?
==updated== Could you plz try with iperf3? Looks like,you are using the old iperf. I m not familiar with the old one.
==updated 2== Whats the peformance if you establish an openvpn connection directly by udp?
@wangyu- Adding those options did not bring any increase in throughput.
The following are my OpenVPN configurations. Since @BroncoTc had no problem with similar configurations (but with different ISPs on both sides. We talked privately), I suspect that it might be linked with my local ISP - But I cannot think of a way that QoS could be still present with udp2raw but not with standard TCP connections. (BTW, I have tried all of the three seq-mode but none of them brought any change. I also tried shutting down udp2raw and running a Shadowsocks server on the same TCP port and it reached at least ~80Mbps.)
server
server
local 0.0.0.0
port 39999
proto udp
fragment 1360
mssfix 1300
tun-mtu 1360 # Removing or adding this does not help.
sndbuf 2000000
rcvbuf 2000000
txqueuelen 4000
dev tun
# SSL stuff - hidden. I need authentication because I have to use CCD
dh dhparam.pem
# Routing stuff - hidden because it contains some public routable IPs
keepalive 10 120
comp-lzo no
user root
group root
persist-key
persist-tun
verify-client-cert none
plugin /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so login
username-as-common-name
client-config-dir /etc/openvpn/ccd
script-security 2
up peter-up.sh
down peter-down.sh
client
client
remote 127.0.0.1 39997
proto udp
fragment 1360
mssfix 1300
tun-mtu 1360 # Removing or adding this does not help.
sndbuf 2000000
rcvbuf 2000000
txqueuelen 4000
ca openvpn-ca.crt
comp-lzo no
dev tun
auth-user-pass auth.txt
pull
script-security 2
up up.sh
down down.sh
@wangyu- I cannot connect directly through UDP because it will be censored and blocked. However, I have tried connecting to OpenVPN UDP servers inside China and it could reach ~10Mbps.
@wangyu- I cannot connect directly through UDP because it will be censored and blocked. However, I have tried connecting to OpenVPN UDP servers inside China and it could reach ~10Mbps.
@PeterCxy Do you have hangout or whatsapp? Could i talk to you privately?
@wangyu- I am @realPeterCxy on Telegram and peter@cxy.moe on Hangouts. I do also think this needs private chat for more details. Thanks.
We talked privately,it looks like some kind of network configuration problem. @PeterCxy has a very complicated network environment,the problem is still unclear,but we got a 90Mbit/s speed with specific configuration.
After fixing #6, the udp2raw handshake works without any problem and both sides could reach the ready state.
However, when trying to encapsulate OpenVPN tunnel over udp2raw, I observed that the throughput became extremely slow as the following picture shows
A normal HTTP download from my server to the client can get ~150Mbps and a Shadowsocks server running on non-standard TCP port (>20000) could get ~80Mbps. Though you mentioned that iperf has some problem in UDP speedtests, I also ran a test with bare iperf UDP over udp2raw and it showed similar results to the above TCP over OpenVPN over udp2raw one.
I have checked my OpenVPN configuration and added the IMPORTANT fields marked in your guide but nothing changed. Switching to OpenVPN TCP mode and tunneling it through shadowsocks could reach at least 50Mbps, and even QoS'ed UDP on my local network can reach at least 10Mbps+ (Tested by connecting to OpenVPN inside CERNET from my home network).
However, I haven't seen anyone experiencing similar issues for now. Not even sure if it is really something about udp2raw-tunnel.