Tweet
Hello
I'm running several OpenVPN servers which are used by about 1000 users.
Specs: Debian 12, OpenVPN 2.6.11, AES-256-GCM, DCO enabled and TLS crypt v2. 3 instances on each server (UDP 1194, UDP 80, TCP 443).
Clients are my own developed Swift apps for Apple devices using openvpn3 libraries (v3.8.4).
The performance is very good, on my home 320 mbit/s connection I get about 310 using UDP and about 290 using TCP, even on very far servers.
I have a handful of users though which get extremely slow speeds (DL under 1 mbit/s, UL 40 mbit/s) and I can't figure out why.
I'm using MTU of 1400 for UDP and 1280 for TCP (set on both servers and clients), but even with lower MTU of 1100 the issue stays the same.
I also implemented the obfuscation XOR patch, which together with TCP port 443 and TLS crypt v2 should circumvent provider throttling (in China it works fine).
Still the issue is the same. If those users download a testfile from the same server though, the speed is fast.
What else could I try?
I'm running several OpenVPN servers which are used by about 1000 users.
Specs: Debian 12, OpenVPN 2.6.11, AES-256-GCM, DCO enabled and TLS crypt v2. 3 instances on each server (UDP 1194, UDP 80, TCP 443).
Clients are my own developed Swift apps for Apple devices using openvpn3 libraries (v3.8.4).
The performance is very good, on my home 320 mbit/s connection I get about 310 using UDP and about 290 using TCP, even on very far servers.
I have a handful of users though which get extremely slow speeds (DL under 1 mbit/s, UL 40 mbit/s) and I can't figure out why.
I'm using MTU of 1400 for UDP and 1280 for TCP (set on both servers and clients), but even with lower MTU of 1100 the issue stays the same.
I also implemented the obfuscation XOR patch, which together with TCP port 443 and TLS crypt v2 should circumvent provider throttling (in China it works fine).
Still the issue is the same. If those users download a testfile from the same server though, the speed is fast.
What else could I try?
Code:
ca ca.crt cert server.crt crl-verify crl.pem dh dh.pem key server.key tls-crypt-v2 tc2.key cipher AES-256-GCM data-ciphers AES-256-GCM auth none topology subnet duplicate-cn max-clients 250 dev tun1 port 1194 server 10.8.1.0 255.255.255.0 proto udp push "redirect-gateway def1 bypass-dhcp" explicit-exit-notify tun-mtu 1400 push "explicit-exit-notify" keepalive 10 60 reneg-sec 28800 user nobody group nogroup persist-key persist-tun fast-io sndbuf 0 rcvbuf 0 txqueuelen 1000 verb 0 mute 1 log /dev/null status /dev/null