Posted: Wed Nov 16, 2022 21:07 Post subject: OpenVPN client/server floating bandwidth
Hi all, I have recently configured a client/server OpenVPN for a friend. I have used two brand new WRT1200ACv2 routers, which I have flashed with the latest available build: 50841.
The VPN is working fine, but when running speed tests I have a very high ping (like 120-140 ms) and, most annoyingly, a "floating" bandwidth (speed tests jump from 5 to 60 Mbps, then go down again, and so on). I have created an extra certificate for a router I use for tests (which I know works fine) and speed tests behave the same there, so I guess it is a server issue.
Here is the configuration of both routers:
Server:
OpenVPN: Enable
CVE-2019-14899 Mitigation: Disable
Start Type: System
Inbound Firewall on TUN: FALSE
Config as: GUI(server)
Server mode: Router (TUN)
Network: 192.168.3.0
Netmask 255.255.255.0
Port: 1194
Tunnel Protocol: udp4
Encryption Cipher: Not Set
Hash Algorithm: None
First Data Cipher: CHACHA20-POLY1305
Second Data Cipher: AES-128-GCM
Third Data Cipher: AES-256-GCM
Advanced Options: Enable
TLS Cipher: None
Compression: Disabled
Push Client route: Default Gateway
Allow Client to Client: Enable
Allow duplicate Clients: Disabled
Allow Clients WAN access: Enable
Bypass LAN Same-Origin Policy: Enable
Tunnel MTU setting: 0
Tunnel UDP Fragment:
Tunnel UDP MSS-Fix: Disable
Use ECDH instead of DH.PEM: Enable
TLS / Static Key Choice: None
Client:
Start OpenVPN Client: Enable
CVE-2019-14899 Mitigation: Enabled
Server IP/Name : Port: *****.****:1194
Set Multiple Servers: Disable
Tunnel Device: TUN
Tunnel Protocol: udp4
Encryption Cipher: Not Set
Hash Algorithm: None
First Data Cipher: CHACHA20-POLY1305
Second Data Cipher: AES-128-GCM
Third Data Cipher: AES-256-GCM
User Pass Authentication: Disable
Advanced Options: Enable
TLS Cipher: None
Compression: Disabled
NAT: Enable
Inbound Firewall on TUN: FALSE
Killswitch: TRUE
Watchdog: Disable
Source routing (PBR): Route Selected Sources via VPN
Split DNS: FALSE
Policy based Routing: Needed Range
Tunnel MTU setting: 0
Tunnel UDP Fragment:
Tunnel UDP MSS-Fix: Disable
Verify Server Cert: FALSE
TLS Key choice: None
I have suggested to choose those two routers as we got a good offer and as I have my personal server running on a WRT1200ACv1. In my case the bandwidth is always the same and ping is like half of it (distances are same), the only thing is that it is running a 2018 build.
Any default setting that could cause this? As I have basically left the default router configuration (I just needed an AP on a separate subnet) and I have disabled SFE. Other settings should be mostly defaults.
Hello @egc, I thought the automatic MTU was fixed in the newer releases, wasn't it? Anyway, I have tried 1400, 1500 and lower values as well, but nothing changes. I have even tried moving to TCP.
- Tried a couple of different VPN ports. (same behaviour)
- Tested provider connectivity w/o VPN (connection is fast and stable)
- Did a long test to prepare, but it was worth it: I have downgraded the server to the same (very old, 37305) build I have on my personal WRT1200AC, with the configuration copy/pasted from mine, but I am still experiencing this floating bandwidth with packet loss (tried both of them from my Asus OpenVPN client router). It is strange, as those servers were exactly the same except that mine is a WRT1200ACv1 and my friend's is a WRT1200ACv2.
I went through the troubleshooting guide and everything suggests it is an MTU problem, as I thought at the beginning, but I have tried 0, 1500, 1400, 1350 and 1300. Nothing has changed.
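The MTU values tried in the post above were picked by hand, with MSS-fix disabled on both ends. As an added example that is not part of this thread (and not dd-wrt code), the script below derives the largest tun MTU and the matching TCP MSS from a measured path MTU, so the two values can be set consistently instead of guessed. It assumes the standard OpenVPN data-channel framing (4-byte P_DATA_V2 header, 4-byte packet-id and 16-byte tag for the AEAD ciphers listed in the config: CHACHA20-POLY1305, AES-128-GCM, AES-256-GCM), the usual IPv4/IPv6 and UDP/TCP header sizes, the 2-byte length prefix OpenVPN adds on TCP transports, and a worst-case full block of padding for CBC ciphers. The path MTU of 1500 used in the usage call is a constructed input; measure yours with DF-bit pings to the server first.

```python
"""Added example: plan OpenVPN tun MTU / TCP MSS from a measured path MTU.

Overheads below are the OpenVPN data-channel framing plus outer headers;
they are stated assumptions, not values read from the dd-wrt GUI.
"""

# Outer transport headers: IPv4 (20) / IPv6 (40) + UDP (8) / TCP (20).
OUTER_HEADERS = {"udp4": 20 + 8, "udp6": 40 + 8, "tcp4": 20 + 20, "tcp6": 40 + 20}
TCP_LEN_PREFIX = 2      # OpenVPN frames each packet with a 2-byte length on TCP
DATA_V2_HEADER = 4      # 1 byte opcode/key-id + 3 byte peer-id (P_DATA_V2)
AEAD_PACKET_ID = 4      # explicit part of the AEAD nonce
AEAD_TAG = 16           # AES-GCM and CHACHA20-POLY1305 both use a 16-byte tag
CBC_PACKET_ID = 4


def openvpn_overhead(proto: str, aead: bool = True,
                     hmac_len: int = 20, block: int = 16) -> int:
    """Bytes added to one inner IP packet before it leaves on the wire."""
    outer = OUTER_HEADERS[proto]
    if proto.startswith("tcp"):
        outer += TCP_LEN_PREFIX
    if aead:
        return outer + DATA_V2_HEADER + AEAD_PACKET_ID + AEAD_TAG
    # CBC + HMAC: HMAC, one block of IV, packet-id, and up to one full block
    # of padding in the worst case.
    return outer + DATA_V2_HEADER + hmac_len + block + CBC_PACKET_ID + block


def max_tun_mtu(path_mtu: int, proto: str, **cipher_kw) -> int:
    """Largest inner packet that still fits the path without fragmentation."""
    return path_mtu - openvpn_overhead(proto, **cipher_kw)


def tcp_mss_for(tun_mtu: int, inner_ipv6: bool = False) -> int:
    """TCP MSS that fits the tun MTU: subtract inner IP + TCP headers (no options)."""
    return tun_mtu - (60 if inner_ipv6 else 40)


def plan(path_mtu: int, proto: str, **cipher_kw) -> dict:
    """Return the consistent pair of settings for a given path MTU and transport."""
    tun = max_tun_mtu(path_mtu, proto, **cipher_kw)
    return {"proto": proto, "path_mtu": path_mtu,
            "overhead": openvpn_overhead(proto, **cipher_kw),
            "tun_mtu": tun, "tcp_mss_v4": tcp_mss_for(tun)}


if __name__ == "__main__":
    # Constructed inputs: a plain 1500-byte Ethernet path and a 1492-byte PPPoE path.
    for path in (1500, 1492):
        for proto in ("udp4", "tcp4"):
            print(plan(path, proto))
```

A tun MTU of 1448 with an MSS of 1408 on a 1500-byte udp4 path leaves no room for the tunnelled TCP flows to produce fragments; if the path itself is smaller (PPPoE, a carrier tunnel), both numbers shrink by the same amount, which is why trying 1400 alone with MSS-fix disabled does not settle the question.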
Bumping this up with another update:
I have created a client certificate for a smartphone (previously connected through the dd-wrt VPN client) and this floating behaviour disappears completely when connecting it directly to the server. This is the .ovpn file for it:
I would say this is definitely something wrong with the dd-wrt OpenVPN client configuration, or with other settings scattered here and there.
Has anyone any clue of what it could be?