Posted: Fri Apr 23, 2021 18:32 Post subject: [SOLVED]OpenVPN Server on R6400v2 Packet loss/Delay
Hello there! Hope everyone is doing OK.
I've recently just learned to set up an OVPN server on a DD-WRT flashed R6400v2.
Everything seems to work fine, as in I can connect (obviously), and access resources on my home LAN subnet, and all traffic is successfully being forwarded so I can tunnel everything through it.
Throughput/bandwidth is also OK.
My only issue is with Discord voice chat.
I first noticed an issue where as soon as I connected to my DIY VPN, my ability to TRANSMIT is gone. Like I said earlier, the internet works. Everything else about the VPN works. I can still hear everyone else in the same voice channel, but nobody else can hear me.
I'm quite new to this, so I have no idea where to start troubleshooting. As per reddit, discord support, and other sources I went through WebRTC test, speedtests, and packet loss tests. Everything came back fine, except the packet loss test.
What I've noticed is that I usually get no packet loss when I'm just at home performing the test.
I also get no packet loss when I connect my laptop to smartphone hotspot.
As soon as I connect the laptop to the VPN through the phone hotspot, the packet loss is not only pronounced, but the results are IDENTICAL every single time.
I also grabbed a second router, plugged it into the first router, and set up OVPN on that too, then connected to the second router's OVPN server from the first router's LAN to try and isolate ISP/WAN performance issues.
I get the same Packet loss issues as soon as I'm connected to the OVPN server.
I also get packet loss if I use the Android OVPN app, and do a packet loss test from the phone. <-- And of course, I wouldn't be posting about it if I got packet loss while I'm just on mobile data without a VPN, but I don't.
So TLDR is it looks like something about my configuration for OVPN server on DD-WRT is causing packet loss (only on the download/return trip), and as a result it's preventing me from using any kind of VOIP application.
I haven't been able to find any information or anyone else who has had this issue.
Would any of you veterans out there be so kind as to give me some pointers as to what this might be?
Thank you so much in advance
I've posted some attachments I think would be relevant, so maybe you could take a look at those and find something I missed
Posted: Fri Apr 23, 2021 18:41 Post subject: More tests with phone directly connected to home VPN..
So here are 3 more tests done on the phone on 4G and connected to the VPN. Didn't post the one WITHOUT a VPN because that one was flawless.
These three however...
the consistency goes to show something weird is going on in the router. It doesn't feel like some sort of bottleneck, because its not freezing at any point, overall throughput is still good, and when checking the router stats page CPU / MEM usage is low.
Posted: Fri Apr 23, 2021 19:58 Post subject: test with TCPv4
egc wrote:
As a test use TCP as tunnel protocol.
Hi there, thanks for the reply! Just tested with TCPv4 and results are similar 149 packets sent, 46 received, with 69.1% total loss.
This was also confirmed with a different phone's hotspot.
Overall throughput is OK enough to sustain what I need to do, but packet loss is still a problem. See attachments.
Posted: Sat Apr 24, 2021 13:36 Post subject: more info
egc wrote:
What build are you using?
How do you test?
I think you do not have internet access when you are on vpn. At least not with this firewall rule.
What is the Openvpn status page showing? Post a screenshot of the whole page not more than 768 pixels width
If you have not already found it see the documentation, link in my signature.
So I'm on the Netgear R6400v2, with Firmware: DD-WRT v3.0-r44715
In simple terms, my issue is that packet loss / delay is huge and results are also very similar if not IDENTICAL during each test when connected to the VPN. It doesn't matter whether I'm using Android phone connected to VPN directly, or Laptop connected to mobile hotspot then VPN and testing like that, or even just using a laptop connected to a completely different Wifi network (like my friends house).
Upload Packet loss is 0 but receiving packets always stop at approximately 47-50 when using https://packetlosstest.com/ at default settings, but with Australian server.
The consistency shows me that there is something wrong with either my configuration or the router.
Overall throughput/bandwidth when connected to the VPN is good. At least 15/15 mbps if using 4G data from phone, or up to 50/40 if laptop is connected to a proper wifi network.
Again, it is only the packet loss that is a problem, and it is affecting my discord voice chat.
Also, I can assure you the VPN is working otherwise, and internet traffic is being routed/forwarded properly. Please see attached pictures for details, The router IP is 192.168.192.1, DHCP pool is 192.168.192.100-150.
OpenVPN server uses 10.0.0.0, with netmask 255.255.255.0.
On the Firewall page the command should match 10.0.0.0 ... yes?
I originally watched a video guide https://youtu.be/dwrR18_xO_Q and in the video description it also links your guide. I have already looked at both. Guide uses 10.8.0.0 for both server config page, and firewall page.
All I'm saying is I think I have that part correct. And I can verify it works by turning on 'Always On VPN' on android, and also 'Block access when disconnected' so all traffic is always going through VPN. If the VPN was not working I would not be able to do packet loss test in the first place anyway.
I see in your signature you have an R6400 v2, but have you yourself verified that packet loss specifically is not an issue? I will mention it again, the normal speedtest will not indicate a problem.
I will also mention that today I have tested DD-WRT on a ASUS RT-AC68U. Same OpenVPN server configuration, but this time I tested with the AC68U WAN connected to R6400V2's LAN port.
I then connected via R6400v2 LAN subnet 192.168.192.0 to AC68U's WAN IP which is 192.168.192.128 so I can isolate the issue to make sure my ISP is not causing the problem.
The issue is exactly the same. OpenVPN server on DD-WRT for BOTH routers will cause packet loss and all results are always very similar. Always 149 packets sent, but only 47-50 received.
I do not understand it, but to me this seems like a firmware issue. CPU Usage monitored using SSH and TOP command also shows OpenVPN process uses maximum of 10-15% when doing SPEEDTEST.
When doing Packet loss test the CPU usage is only 2%
I am currently contacting ISP to see if they have any ideas, but can someone please double check their openvpn/dd-wrt configurations and test by using https://packetlosstest.com/ ?
but this made no change whatsoever. The performance was exactly the same, and packet loss issue is still there. I'm awaiting response from my ISP, so we'll see if they're throttling any VPN traffic (I'm not sure how this works as I have zero advanced networking knowledge)
But as I mentioned earlier, I tested the openvpn server config on another Asus RT-AC68U with similar packet loss issues.
I'm planning to take both routers to a friend's apartment soon to see if his different ISP exhibits the same behavior. If it does, then we know OpenVPN on DD-WRT is the problem.
Joined: 18 Mar 2014 Posts: 12885 Location: Netherlands
Posted: Sun Apr 25, 2021 20:07 Post subject:
For posterity, this is a test where a client connects to the VPN server and via the VPN server to the packetloss test server (https://packetlosstest.com/) actually some sort of a continuous ping test.
SFE seems to have problems with this test. I do not know if it is a real problem or just in this test scenario as a ping test with SFE on does not show any problems.
Anyway if you experience problems disable SFE and see if your problems are gone not only with the test (because it is possible that the test cannot deal with SFE (or the other way around)) but in real world use cases (do not forget to reboot, something which is always useful after changing settings) _________________ Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399 Install guide R7800/XR500:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614 Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
For posterity, this is a test where a client connects to the VPN server and via the VPN server to the packetloss test server (https://packetlosstest.com/) actually some sort of a continuous ping test.
SFE seems to have problems with this test. I do not know if it is a real problem or just in this test scenario as a ping test with SFE on does not show any problems.
Anyway if you experience problems disable SFE and see if your problems are gone not only with the test (because it is possible that the test cannot deal with SFE (or the other way around)) but in real world use cases (do not forget to reboot, something which is always useful after changing settings)
SFE as in Shortcut Forwarding Engine?
I do apologize for my ignorance because I don't actually have a whole lot of networking knowledge besides basic DHCP/IP/Subnetting. I've spent the last 3-4 days going on a spree learning how to set up OVPN on several different firmwares and also Ubuntu on a dedicated VPS host.
I actually installed the AC68U at a friends house because after moving to FreshTomato on the R6400V2 I decided to leave it because it was working 100% and I like the interface a little better. I also wanted to see if I can set up a site-to-site tunnel so neither of us has to connect to the VPN just to play LAN games.
When you said 'seems to have problems' do you mean you also get packet loss when SFE is enabled?
The AC68U is still running DD-WRT so I can set up a server in a few days when I go to his house and report back if the SFE setting makes a difference.
At least if we can confirm it then people will know to watch out for that setting.
Hi egc, so for the last few days I've been again reflashing between firmwares for experimentation and I can confirm that disabling SFE seems to have fixed the issue.
Thanks again for the tip! I've currently come back to DD-WRT as I do actually prefer it over the other firmware.
I wouldn't really understand the differences between the linux kernels besides the fact that more security updates = better but...
One thing I've noticed about Tomato is the over-complex Country/Region settings. They have a country as well as a 'country revision'.
Country revision is a number from 0-999.
IMHO, for a newbie that is so pointless and extra.
They have a specific list of Country + Revisions that are 'valid', and if you choose the wrong combination your wireless channels may not show up correctly.
The worst part is documentation is scarce... it only gives you a list of some countries and their valid revisions.
The 80mhz on 5G wifi seems to be a bit bugged as well, switching between control channel upper/lower the highest channels are 149 and 153.
Shouldn't it be 149 if Lower is selected for control channel and 161 if Upper is selected?
Anyways, you can imagine my frustration - because I'm sure a lot of people who flash custom firmware just want to be sneaky and use channels they're not supposed to be using in a quiet place.
Why reinvent the wheel? Why not just make it a simple list of countries and ditch the revision setting? These are questions I will never get answers to because I'm not a dev but I guess I can't complain if I decide to use their firmware for free!
