Badgerlad 0 Posted ... Hi, I'm new to the VPN scene and it seems I need some major help to get the most out of it. I also suspect that I'm slightly different from the majority of users here in that I'm using this for better gaming connectivity rather than security and privacy (basically, Playstation Network hates my non-vpn connection because it's NAT type 3, which is out of my control, so the VPN is to bypass that, which it has done). My connection is shared through my appartment complex and does dhcp assignment. No way to open ports on that end as management want to enable residents to just plug into the wall and go with no requirement to buy a router, so they won't slack on security. Admirable, but annoying for me. The setup: Linksys E4200 running DD-WRT v3.0-r27490 (07/06/15) mega, CAT-5 to the wall and the previously mentioned appartment complex-controlled fiber connection. 1 desktop pc connected by cable, one laptop and a playstation 4 as well as a phone on wi-fi. Speeds are the same wired or on wi-fi. My speed without connection to Air is in the 80-100 Mbps range, with Air (client or set up in the router, which is the end goal) 6-9 Mbps. I'm expecting a drop in speed, but this is a little extreme. Tried various combinations of servers and protocols, main two servers I've been switching between for testing have been Acubens (Sweden) and Aquilae (Germany), started with UDP on port 443, then TCP on the same port. Speeds were virtually identical, have cycled through both on port 80, 53 and 2018 as well. All setup done following the guide from AirVPN, no extra rules or setup done since I wouldn't have an idea where to start. I've seen suggestions in other threads to increase the buffer sizes for people using the Air client, is this possible in DD-WRT, and if so how would I do it? I've tried with and without QoS enabled, didn't seem to make a difference, but open to suggestions on tweaks there. UPnP is on, which seems to help with getting connected to Playstation Network, but have tried disabling it too. Any general suggestions to optimize for speed? The safety of firewall rules dropping connection if the cpn connection goes etc are nice, but I am willing to give them up for a fast, efficient way to connect to what I want to connect to. Because of the playstation, using the Air client and ICS isn't an option, I'm not moving the computer into the living room. So I really need to make it work on the router. I'm not sure what info people will need to be able to help me with this, but to start with, here's the latest opvenvpn log from the router. Anything else you need, just ask and I'll get it to you. lient: CONNECTED SUCCESS Local Address: 10.7.0.63 Remote Address: 10.7.0.63 Status VPN Client Stats TUN/TAP read bytes 37625622 TUN/TAP write bytes 63862092 TCP/UDP read bytes 67544747 TCP/UDP write bytes 40866705 Auth read bytes 63862604 pre-compress bytes 0 post-compress bytes 0 pre-decompress bytes 0 post-decompress bytes 0 LogClientlog: 19700101 01:00:18 I OpenVPN 2.3.7 mipsel-unknown-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [MH] [iPv6] built on Jul 6 2015 19700101 01:00:18 I library versions: OpenSSL 1.0.2c 12 Jun 2015 LZO 2.09 19700101 01:00:18 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16 19700101 01:00:18 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 19700101 01:00:18 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible 19700101 01:00:18 W WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible 19700101 01:00:18 I Control Channel Authentication: using '/tmp/openvpncl/ta.key' as a OpenVPN static key file 19700101 01:00:18 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 19700101 01:00:18 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 19700101 01:00:18 Socket Buffers: R=[87380->131072] S=[16384->131072] 19700101 01:00:18 I Attempting to establish TCP connection with [AF_INET]62.102.148.131:80 [nonblock] 19700101 01:00:19 I TCP connection established with [AF_INET]62.102.148.131:80 19700101 01:00:19 I TCPv4_CLIENT link local: [undef] 19700101 01:00:19 I TCPv4_CLIENT link remote: [AF_INET]62.102.148.131:80 20150729 20:15:39 TLS: Initial packet from [AF_INET]62.102.148.131:80 sid=b7316a64 4cbb8a61 20150729 20:15:39 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20150729 20:15:39 N TLS Error: TLS handshake failed 20150729 20:15:39 N Fatal TLS error (check_tls_errors_co) restarting 20150729 20:15:39 I SIGUSR1[soft tls-error] received process restarting 20150729 20:15:39 Restart pause 5 second(s) 20150729 20:15:44 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20150729 20:15:44 Socket Buffers: R=[87380->131072] S=[16384->131072] 20150729 20:15:44 I Attempting to establish TCP connection with [AF_INET]62.102.148.131:80 [nonblock] 20150729 20:15:45 I TCP connection established with [AF_INET]62.102.148.131:80 20150729 20:15:45 I TCPv4_CLIENT link local: [undef] 20150729 20:15:45 I TCPv4_CLIENT link remote: [AF_INET]62.102.148.131:80 20150729 20:15:45 TLS: Initial packet from [AF_INET]62.102.148.131:80 sid=49a2673c 32b3df6a 20150729 20:15:45 VERIFY OK: depth=1 C=IT ST=IT L=Perugia O=airvpn.org CN=airvpn.org CA emailAddress=info@airvpn.org 20150729 20:15:45 VERIFY OK: nsCertType=SERVER 20150729 20:15:45 NOTE: --mute triggered... 20150729 20:15:59 6 variation(s) on previous 3 message(s) suppressed by --mute 20150729 20:15:59 I [server] Peer Connection Initiated with [AF_INET]62.102.148.131:80 20150729 20:16:01 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) 20150729 20:16:01 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 bypass-dhcp dhcp-option DNS 10.7.0.1 comp-lzo no route-gateway 10.7.0.1 topology subnet ping 10 ping-restart 60 ifconfig 10.7.0.63 255.255.0.0' 20150729 20:16:01 OPTIONS IMPORT: timers and/or timeouts modified 20150729 20:16:01 NOTE: --mute triggered... 20150729 20:16:01 5 variation(s) on previous 3 message(s) suppressed by --mute 20150729 20:16:01 I TUN/TAP device tun1 opened 20150729 20:16:01 TUN/TAP TX queue length set to 100 20150729 20:16:01 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0 20150729 20:16:01 I /sbin/ifconfig tun1 10.7.0.63 netmask 255.255.0.0 mtu 1500 broadcast 10.7.255.255 20150729 20:16:01 /sbin/route add -net 62.102.148.131 netmask 255.255.255.255 gw 10.44.11.1 20150729 20:16:01 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.7.0.1 20150729 20:16:02 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.7.0.1 20150729 20:16:02 I Initialization Sequence Completed 20150729 21:15:59 TLS: soft reset sec=0 bytes=108182994/0 pkts=132933/0 20150729 21:15:59 VERIFY OK: depth=1 C=IT ST=IT L=Perugia O=airvpn.org CN=airvpn.org CA emailAddress=info@airvpn.org 20150729 21:16:00 VERIFY OK: nsCertType=SERVER 20150729 21:16:00 NOTE: --mute triggered... 20150729 21:16:13 1 variation(s) on previous 3 message(s) suppressed by --mute 20150729 21:16:13 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20150729 21:16:13 D MANAGEMENT: CMD 'state' 20150729 21:16:13 MANAGEMENT: Client disconnected 20150729 21:16:13 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20150729 21:16:13 D MANAGEMENT: CMD 'state' 20150729 21:16:13 MANAGEMENT: Client disconnected 20150729 21:16:13 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20150729 21:16:13 D MANAGEMENT: CMD 'state' 20150729 21:16:13 MANAGEMENT: Client disconnected 20150729 21:16:14 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20150729 21:16:14 D MANAGEMENT: CMD 'status 2' 20150729 21:16:14 MANAGEMENT: Client disconnected 20150729 21:16:14 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20150729 21:16:14 D MANAGEMENT: CMD 'log 500' 19700101 01:00:00 ca /tmp/openvpncl/ca.crt cert /tmp/openvpncl/client.crt key /tmp/openvpncl/client.key management 127.0.0.1 16 management-log-cache 100 verb 3 mute 3 syslog writepid /var/run/openvpncl.pid client resolv-retry infinite nobind persist-key persist-tun script-security 2 dev tun1 proto tcp-client cipher aes-256-cbc auth sha1 remote 62.102.148.131 80 comp-lzo yes tls-client tun-mtu 1500 mtu-disc yes ns-cert-type server tun-ipv6 tls-auth /tmp/openvpncl/ta.key 1 tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA passtos Quote Share this post Link to post
go558a83nk 364 Posted ... https://www.dd-wrt.com/wiki/index.php/Linksys_E4200 see the link for specs. with that CPU you can't expect much more than the speed you're getting. look for a router with at least dual core 1000mhz CPU for acceptable openvpn speeds. Quote Share this post Link to post
Badgerlad 0 Posted ... At least 1000mhz? That's what the Netgear Nighthawks are clocked at, and outside of industrial gear, they're pretty much the fastest out there, so that's basically saying getting tolerable performance is impossible. I'm not looking to get anywhere near 100% of my speed, but getting near half would be nice. Quote Share this post Link to post
go558a83nk 364 Posted ... At least 1000mhz? That's what the Netgear Nighthawks are clocked at, and outside of industrial gear, they're pretty much the fastest out there, so that's basically saying getting tolerable performance is impossible. I'm not looking to get anywhere near 100% of my speed, but getting near half would be nice. get an asus AC56 if greater cost is prohibitive. those CPU can be overclocked to 1200megahertz. 50mbit/s openvpn is possible. Quote Share this post Link to post
Badgerlad 0 Posted ... Thanks for the tip, will look into it. I've no problem spending what it takes to get decent performance, as long as I know it can actually be made to work. Quote Share this post Link to post