> Per your request on #openbsd, I do a short reply, to let you reply to it
> again...

Thank you very much, Kirill.

> Have you tried to "download" from one of the clients, but without using
> the VPN? You could use tcpbench or iperf in server mode on one of your
> clients and do a port redirect from your WAN interface on the server to
> a port which tcpbench or iperf is listening to. That way you can get
> more clues regarding whether the issue is with OpenVPN or your network.

The server can reach any client in subnet 10.8.0.0 only via VPN.

However, I noticed that I had a mistake in iperf test 2 because I got
confused about the direction in which data is sent. As "man iperf" states:

"To perform an iperf test the user must establish both a server (to
discard traffic) and a client (to generate traffic)."

Hence, by default, data is sent from iperf client to server. This means in
test case 2 data was sent from VPN client 10.8.0.4 to VPN server 10.8.0.1,
essentially testing upload speed.

I conducted another test pushing data from external network to VPN client.

=== Case 4: WAN ==> Server = via VPN => Client

* From some external node, send data to client via server via VPN tunnel
* Test results:

----
# iperf -s -p 5002
------------------------------------------------------------
Server listening on TCP port 5002
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[  4] local 10.8.0.99 port 5002 connected with 85.x.x.x port 54230
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-10.8 sec  5.38 MBytes  4.19 Mbits/sec

→ iperf -c 109.x.x.x -p 5002
------------------------------------------------------------
Client connecting to nohost.xyz, TCP port 5002
TCP window size: 45.0 KByte (default)
------------------------------------------------------------
[  3] local 192.168.178.26 port 54230 connected with 109.x.x.x port 5002
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.5 sec  5.38 MBytes  4.27 Mbits/sec
----

Compare this to the following:

=== Case 5: Client <= VPN = Server <= WAN

* From client (10.8.0.99) download external file from WAN via VPN tunnel
* Test result:

----
# curl http://fra36-speedtest-1.tele2.net/100MB.zip > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0  100M    0 48169    0     0   4985      0  5:50:34  0:00:09  5:50:25  5055
----

So while pushing data from external network to VPN client works fine,
downloading (requesting a download) from WAN on the client is very slow.

Doesn't this imply that the VPN connection is "healthy" and that the
problem is rather routing/firewall related?

Cheers,
Berry