Codestone
asked on
Degradation of OpenVPN performance when hosting Wireless AP
I have an OpenVPN server which is configured as per this article: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04
When I connect to the VPN server using native OpenVPN IOS app I get ~18Mbps down, ~3Mbps up on Speedtest.net IOS app
When I connect to the VPN using Windows 10 (using official OpenVPN client) I get ~18Mbps down, ~3Mbps up on Speedtest.net
I'm happy with those speeds.
What I'm trying to do is have a wireless Access Point called 'VPN-AP' and have it so whenever a device (iPhone, AppleTV, laptop etc.) connects to this, their internet traffic is routed down the VPN.
I've successfully achieved this, in turn, on each of the following devices, but I can never get half-decent throughput for the clients.
Whichever of the above I use, the performance for of the client connected to the hosted WiFi is TERRIBLE in comparison to the speeds posted above. At best 5Mbps down, 1Mbps up (Windows 10 with ICS).
None of the 'proxying' devices are straining their CPU and neither is the OpenVPN Server to which they all connect.
For clarity, I can sit on the Win10 PC with the OpenVPN client connected, open SpeedTest.net and get 18Mbps, but any client device connected to its hosted AP will get 5Mbps TOPS. The Win10 PC is in no way strained (it's a 2015 Macbook Pro, Core I7, 16GB RAM). The exact same is true if you connect a client to the Raspberry Pi's AP or the Linksys's.
I'm tearing my hair out - can anybody tell me why and what to try/do to fix?
Thanks!
When I connect to the VPN server using native OpenVPN IOS app I get ~18Mbps down, ~3Mbps up on Speedtest.net IOS app
When I connect to the VPN using Windows 10 (using official OpenVPN client) I get ~18Mbps down, ~3Mbps up on Speedtest.net
I'm happy with those speeds.
What I'm trying to do is have a wireless Access Point called 'VPN-AP' and have it so whenever a device (iPhone, AppleTV, laptop etc.) connects to this, their internet traffic is routed down the VPN.
I've successfully achieved this, in turn, on each of the following devices, but I can never get half-decent throughput for the clients.
- RaspberryPi 3, using Hostapd, dhcpd and OpenVPN
- Linksys E2500, flashed using Tomato (using Tomato's built in OpenVPN client)
- Windows 10 using official OpenVPN client and shared using a hostednetwork and Internet Connection Sharing
Whichever of the above I use, the performance for of the client connected to the hosted WiFi is TERRIBLE in comparison to the speeds posted above. At best 5Mbps down, 1Mbps up (Windows 10 with ICS).
None of the 'proxying' devices are straining their CPU and neither is the OpenVPN Server to which they all connect.
For clarity, I can sit on the Win10 PC with the OpenVPN client connected, open SpeedTest.net and get 18Mbps, but any client device connected to its hosted AP will get 5Mbps TOPS. The Win10 PC is in no way strained (it's a 2015 Macbook Pro, Core I7, 16GB RAM). The exact same is true if you connect a client to the Raspberry Pi's AP or the Linksys's.
I'm tearing my hair out - can anybody tell me why and what to try/do to fix?
Thanks!
ASKER
Thanks, but as mentioned the problem exists even if I connect devices to the Win10 PC’s AP (I7 MacBook with 16GB RAM), so it isn’t an AP host’s performance limitation.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
And you will get latency because of unencrypting the Wifi pacjets and then reencrypting them for OpenVPN.
A raspberry Pi 3 might not be the best device for this...., it is to veirfy the concept, but you need better connections between periferal chips & cpu for high performance.
Pine64 has a little more Umph (64bit CPU, but most important separated IO busses for WiFi and Ethernet & USB....
It can do 1 Gbps etc....) it might be a better alternative.