OpenVPN and slow speeds

I’m running an OpenVPN 2.4.x server on a Ubuntu 16.04 DigitalOcean droplet (their $5/mo one) and connecting to it with a Win10 client through a Comcast cable connection. The droplet is at DO’s data center within 100 miles of where I normally connect to it. Everything works fine, yet my speed while connected over the VPN are somewhat lower than I think they should be (~30Mbps vs ~150Mbps).

I’ve tried quite a bit of tuning and troubleshooting, to include the following:

• Changed port/protocol to TCP/443
• Changed encryption from AES-256-GCM/SHA512 to none/none
• Both of the above, plus turning off compression
• All of the above, plus various MTU settings

None of the above seems to make a difference in speeds. Even turning off encryption entirely didn’t make a significant difference. About the only things I haven’t tried yet are changing the location of my server and setting something up such as obfsproxy.

Is there anything else I can try to eke out a few more Mbps, or is this pretty much what I can expect from here on out?

1. use UDP

2. turn compression back on

3. if you care about security, turn encryption back on. It doesn’t have THAT much overhead, really.

4. set your tunnel MTU to 8192 (add “tun-mtu 8192” to your client config)

5. add the following 2 lines to your client config file:

fragment 0
mssfix 0

6. run speedtest-cli on your droplet to see what speeds you get there.

7. try your speed test again.

What are the transfer speeds to your VPS without the VPN? Like with iperf or an http download?

Check out Wireguard.

Thank you, will give these a shot. For clarity, I had changed these settings during testing, but currently have them back at defaults.

Just to close out this thread…after days of tweaking and testing and troubleshooting, I suddenly started getting incredibly good speeds…like, 100Mbps+ speeds. No idea if it was anything I did, either.

¯\_(ツ)_/¯

tun-mtu 8192

This improved my speeds a little. I’m not sure if it has to do with openvpn running on the PI - usually i get slower speeds through VPN I should be getting about 100mbps but I am getting only 50.

I will have to check. Iperf on Windows should work with the one on my linux server, correct?

That is the nearest one.

Forget these command line VPNs. Look at SoftEther: http://www.softether.org/

4 and 5 are the real improvements.

I’d be interested to know what you get.

Awesome! Glad to hear it. Document what you have!

What model Pi?

What is your internet upload and download speed at the VPN server location?

Why using OpenVPN instead of wireguard (it’s been 4 years, wg is much better than OpenVPN in most cases and is now widely supported.)

Yes. If the transfer rate is good then check the VPS’s load when you are transferring over the VPN. Top is a good command line tool that shows load.

So, did a bit of testing with the above changes, and I see pretty much the same speeds - maybe 1-2mbps improvement, if that.

Speedtest-cli on the droplet shows 545 down/313 up, so that appears to be decent. Another poster suggested using iperf, but I couldn’t get the Windows client to talk to the Linux server…will have to play some more with that later.

I did check server load with top while doing some downloading, and OpenVPN seemed to use about 50-55% of the CPU, with spikes up to 65% at points.

Is your droplet’s CPU dual-core?

Is that 50-55% number for a single core or all cores?

Single-core. Think a dual-core might improve things a bit?

Edit: Tried again today at lunchtime, and surprisingly enough, speeds shot up to around 100Mbps. Ran some tests (dslreports.com and Steam download) and confirmed. Even with the mtu settings back to defaults, I’m still seeing those speeds. Hell, maybe the cause of this is just that I’m using the VPN during peak hours, when everyone else is online?