Tuesday, October 31, 2017

Re: Xen based VPS / OpenBSD 6.2 / OpenVPN 2.4.4 => Slow download speed after upgrade

> Per your request on #openbsd, I do a short reply, to let you reply to it
> again...

Thank you very much Kirill.

> Have you tried to "download" from one of the clients, but without using
> the VPN? You could use tcpbench or iperf in server mode on one of your
> clients and do a port redirect from your WAN interface on the server to
> a port which tcpbench or iperf is listening to. That way you can get
> more clues regarding whether the issue is with OpenVPN or your network.

The server can reach any client in subnet 10.8.0.0 only via VPN.

However I noticed that I had a mistake in the iperf test 2 because I got

confused with the direction data is send. As "man iperf" states:

"To perform an iperf test the user must establish both a
server (to discard traffic) and a client (to generate traffic)."

Hence by default data is send from iperf client to server. This means in

test case 2 data was send from VPN client 10.8.0.4 to VPN server
10.8.0.1,
essentially testing upload speed.

I conducted another test pushing data from external network to VPN
client.

=== Case 4: WAN ==> Server = via VPN => Client
* From some external node, send data to client via server via VPN tunnel
* Testresults:

----
# iperf -s -p 5002
------------------------------------------------------------
Server listening on TCP port 5002
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[ 4] local 10.8.0.99 port 5002 connected with 85.x.x.x port 54230
[ ID] Interval Transfer Bandwidth
[ 4] 0.0-10.8 sec 5.38 MBytes 4.19 Mbits/sec

→ iperf -c 109.x.x.x -p 5002
------------------------------------------------------------
Client connecting to nohost.xyz, TCP port 5002
TCP window size: 45.0 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.178.26 port 54230 connected with 109.x.x.x port 5002
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.5 sec 5.38 MBytes 4.27 Mbits/sec
----


Compare this to the following:

=== Case 5: Client <= VPN = Server <= WAN
* From client (10.8.0.99) download external file from WAN via VPN tunnel
* Testresult:
----
# curl http://fra36-speedtest-1.tele2.net/100MB.zip > /dev/null
% Total % Received % Xferd Average Speed Time Time Time
Current
Dload Upload Total Spent Left
Speed
0 100M 0 48169 0 0 4985 0 5:50:34 0:00:09 5:50:25
5055
----


So while pushing data from external network to vpn client works fine,
downloading
(requesting a download) from WAN on the client is very slow.

Doesn't this imply that the VPN connection is "healthy" and that the
problem is rather
routing/firewall related?

Cheers,

Berry

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)