AZ8 Posted May 24, 2019 Share Posted May 24, 2019 I have a local OpenVPN server on Banan Pi M1, with latest armbian. I tried to replace with OrangePi3 but current results is disappointing iperf3 results on Banana Pi M1 OpenVPN server Connecting to host bouygues.iperf.fr, port 5201 [ 4] local 10.8.0.4 port 46250 connected to 89.84.1.222 port 5201 [ ID] Interval Transfer Bandwidth [ 4] 0.00-1.00 sec 1.69 MBytes 14.1 Mbits/sec [ 4] 1.00-2.00 sec 1.81 MBytes 15.1 Mbits/sec [ 4] 2.00-3.00 sec 2.43 MBytes 20.4 Mbits/sec [ 4] 3.00-4.00 sec 681 KBytes 5.58 Mbits/sec [ 4] 4.00-5.00 sec 1.99 MBytes 16.7 Mbits/sec [ 4] 5.00-6.00 sec 1.33 MBytes 11.2 Mbits/sec [ 4] 6.00-7.00 sec 1.55 MBytes 13.0 Mbits/sec [ 4] 7.00-8.00 sec 1.62 MBytes 13.6 Mbits/sec [ 4] 8.00-9.00 sec 1.33 MBytes 11.2 Mbits/sec [ 4] 9.00-10.00 sec 1.76 MBytes 14.8 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth [ 4] 0.00-10.00 sec 16.2 MBytes 13.6 Mbits/sec sender [ 4] 0.00-10.00 sec 15.7 MBytes 13.2 Mbits/sec receiver iperf3 results on Orange Pi 3 OpenVPN server Connecting to host bouygues.iperf.fr, port 5201 [ 4] local 10.8.1.4 port 41583 connected to 89.84.1.222 port 5201 [ ID] Interval Transfer Bandwidth [ 4] 0.00-1.00 sec 621 KBytes 5.09 Mbits/sec [ 4] 1.00-2.00 sec 868 KBytes 7.11 Mbits/sec [ 4] 2.00-3.00 sec 1.18 MBytes 9.89 Mbits/sec [ 4] 3.00-4.00 sec 1.16 MBytes 9.75 Mbits/sec [ 4] 4.00-5.00 sec 1.02 MBytes 8.53 Mbits/sec [ 4] 5.00-6.00 sec 966 KBytes 7.92 Mbits/sec [ 4] 6.00-7.00 sec 726 KBytes 5.95 Mbits/sec [ 4] 7.00-8.00 sec 676 KBytes 5.54 Mbits/sec [ 4] 8.00-9.00 sec 2.58 MBytes 21.7 Mbits/sec [ 4] 9.00-10.00 sec 4.78 MBytes 40.1 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth [ 4] 0.00-10.00 sec 14.5 MBytes 12.2 Mbits/sec sender [ 4] 0.00-10.00 sec 14.0 MBytes 11.7 Mbits/sec receiver As you can see, connection via OPi3 is slower, but more than that, it is unstabe and fluctuating from 5-8 MBit/s to 40 MBit/s What can I tune to improve openvpn connectivity? Link to comment Share on other sites More sharing options...
dolphs Posted May 28, 2019 Share Posted May 28, 2019 not sure on which kernel you are, but these kernel settings should give a boost: put a .conf-file in " /etc/sysctl.d " and reboot. 1/ net.core.default_qdisc = fq net.ipv4.tcp_congestion_control = bbr 2/ net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.ipv4.tcp_rmem = 4096 87380 16777216 net.ipv4.tcp_wmem = 4096 87380 16777216 3/ optional net.ipv4.tcp_fastopen = 3 net.ipv4.tcp_no_metrics_save = 1 net.ipv4.tcp_slow_start_after_idle = 0 net.ipv4.tcp_timestamps = 0 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1 net.ipv6.conf.eth0.disable_ipv6 = 1 and certainly how looks your " server.conf ", eg some interesting settings . Please mind cipher in this case, I picked AES-128-CBC proto udp4 txqueuelen 1000 topology subnet #Set socket buffersize following for UDP recommended, also push to client sndbuf 393216 rcvbuf 393216 push "sndbuf 393216" push "rcvbuf 393216" float #Allow remote IP to change but keep authentication in place comp-lzo no #No need for streaming fast-io #Optimize I/O writes cipher AES-128-CBC ncp-disable auth SHA256 auth-nocache Link to comment Share on other sites More sharing options...
Recommended Posts