[Solved] OpenVPN latency problems

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
BestDeveloper
DD-WRT Novice


Joined: 23 Nov 2022
Posts: 6

PostPosted: Wed Nov 23, 2022 15:05    Post subject: [Solved] OpenVPN latency problems Reply with quote
hello friends, please give me some advice or experience.

I'm using a DDWRT openVPN server, the router is a bit older but I'm the only one using the VPN (one device) so it should handle it... speed around 10-20Mb/s on UDPv4. Downloading YouTube and sites is fine, I've been using it for a long time... Unfortunately, I noticed that I have a problem with a few things. For example, a Messenger call is always disconnected after 40 seconds, a Telegram call is also disconnected, but much earlier. I can't play Fortnite either, I get to the menu but it fails to connect to the game.

I want to ask, is this normal with OpenVPN or do I have a problem? I think the settings should be correct if everything else works. I use DNS from google with the push command or something like that. I tried switching it to TCP but had the same problem. It's the same on multiple networks (different wifi).

Has anyone encountered this? can you advise I don't know if it's the device, OpenVPN or just the settings. I haven't tried Wireguard. I'm connecting from an Android device.

Thanks for any advice, tips or comments. I'll try everything because I'm not that good at it. Thank you very much
Sponsor
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1446
Location: Appalachian mountains, USA

PostPosted: Wed Nov 23, 2022 15:58    Post subject: Reply with quote
When some sites work through a VPN and others don't, the issue is nearly always that the failing sites have policies against allowing users who are using VPNs. They don't like that their surveillance is hampered, and in some cases like streaming sites there are licensing agreements restricting users to a geographical region. VPNs mean location unknown, so they simply disallow them.
_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Wed Nov 23, 2022 16:45    Post subject: Reply with quote
I will move this thread to the more appropriate Advanced Networking forum, see the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

What router and what build are you using?

As already noted by @SurprisedItWorks it can be that some providers block VPN's, the block can kick in after some seconds. Or providers which use IPv6 only.

Other causes can be the use of Shortcut Forwarding Engine (SFE) on Basic Setup page or MTU too high.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
BestDeveloper
DD-WRT Novice


Joined: 23 Nov 2022
Posts: 6

PostPosted: Wed Nov 23, 2022 22:08    Post subject: Reply with quote
egc wrote:
I will move this thread to the more appropriate Advanced Networking forum, see the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

What router and what build are you using?

As already noted by @SurprisedItWorks it can be that some providers block VPN's, the block can kick in after some seconds. Or providers which use IPv6 only.

Other causes can be the use of Shortcut Forwarding Engine (SFE) on Basic Setup page or MTU too high.


latest firmware.

Push Client Route: Default Gateway
Netmask: 255.255.255.0
Server Mode: Router(TUN)
Compression: Disabled
Inbound Firewall on TUN: not checked

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o $(nvram get wan_iface) -j MASQUERADE

MTU: 1500
Shortcut Forwarding Engine (SFE): Enable
STP: Disable

Use dnsmasq for DNS: Checked

I will also mention that, for example, in the past in League of Legends (PC) I normally log in. When I turn on the league of legends game search, the hero selection starts normally, but after selecting the heroes, the game does not load anymore. When I downloaded the program and installed the "WTFast" program, suddenly LoLko was working normally.
BestDeveloper
DD-WRT Novice


Joined: 23 Nov 2022
Posts: 6

PostPosted: Wed Nov 23, 2022 22:11    Post subject: Reply with quote
egc wrote:

Other causes can be the use of Shortcut Forwarding Engine (SFE) on Basic Setup page or MTU too high.

YES thank you... when I switched SFE to DISABLE EVERYTHING WORKS.
Thank you, you solved a problem I had for over two years.

May I ask if my settings are correct? see above... and what "SFE" means (what it's for). Thank you very much
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Thu Nov 24, 2022 7:12    Post subject: Reply with quote
Latest firmware for me is build number 50927.

What router model do you have?

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
BestDeveloper
DD-WRT Novice


Joined: 23 Nov 2022
Posts: 6

PostPosted: Thu Nov 24, 2022 15:05    Post subject: Reply with quote
egc wrote:
Latest firmware for me is build number 50927.

What router model do you have?

Ohh, sorry . For me too 50927.

I have TP-Link WR1043NDv2
I have 11-21-2022-r50927 , link here https://dd-wrt.com/support/other-downloads/?path=betas%2F2022%2F11-21-2022-r50927%2Ftplink_tl-wr1043nd-v2%2F

I already read what Shortcut Forwarding Engine (SFE) means on the internet, so I already know what it means Smile

it's a shame that overclocking is not supported with this router Very Happy Smile
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Thu Nov 24, 2022 15:12    Post subject: Reply with quote
The Build you have is fine.

Your MTU of 1500 is rather high, consider using 1400 both for Client and Server.

OpenVPN Server setup guide is a sticky in this forum: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398

There is also a VPN troubleshooting guide which has the possible problems with SFE covered.

Unfortunately you only have SFE, Broadcom routers have another Acceleration option but for you it is end of line.

Anyway glad it is solved

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
BestDeveloper
DD-WRT Novice


Joined: 23 Nov 2022
Posts: 6

PostPosted: Thu Nov 24, 2022 15:20    Post subject: Reply with quote
egc wrote:
The Build you have is fine.

Unfortunately you only have SFE, Broadcom routers have another Acceleration option but for you it is end of line.

Anyway glad it is solved

it can be seen that you are familiar with it.

I want to ask, do you have any recommendations for a router? so that it is not too expensive, such a golden middle ground and that it is supported by DDWRT. Preferably something primarily for VPN and not a very old model.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Thu Nov 24, 2022 16:01    Post subject: Reply with quote
Second hand NetGear R7800 if you can get one.
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Thu Nov 24, 2022 16:18    Post subject: Reply with quote
egc wrote:
Second hand NetGear R7800 if you can get one.


Yep R7800 is the best price/support/performance router around... or its re-boxed version XR500

And yes 1043v2 is great buddy, but lacks of lots of things and has a slow CPU especially for VPN server and client at the same time... + ssl is missing on it... Rolling Eyes

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
BestDeveloper
DD-WRT Novice


Joined: 23 Nov 2022
Posts: 6

PostPosted: Thu Nov 24, 2022 20:02    Post subject: Reply with quote
ssl missing on it, what does it mean? After all, TLS is good too, right? it is also used in Windowsi think Very Happy

If I don't have SSL, the VPN is relatively safe, right?

I don't use password and name in OpenVPN, I read somewhere that it is not good from the security point of view.. do you think it is a mistake?


Otherwise, a long time ago, I had the MTU at 1400, but then the PC and the logs in ddwrt gave me some kind of warning... I suspect that it told me that the server and client do not have the same set MTU and that the default is 1500, and that's why I switched to 1500.. .I think I had the MTU set correctly but it just said not at the value of 1400 :/
Today I tried youtube in 1440p and 2160p (mobile) and both had no problem with youtube... Twitch also without problem.

I am afraid that I will mess something up if I change the MTU to 1400 on the client and server. :'(
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum