OpenVPN speeds inconsistent?

Please Note: The TotalFreedom Forum has now been put into a read-only mode. Total Freedom has now closed down and will not be returning in any way, shape or form. It has been a pleasure to lead this community and I wish you all the best for your futures.

    So I have my own VPN. I primarily made it to bypass the ridiculous amount of blocked sites at school however I've properly adapted it into my server security. However one of the things that I don't understand is why my speeds are so slow.

    Here's a speedtest from the server

    It has a 1gig connection and it's a vps from ovh. But when I run a speedtest I only get 2mb download and 10mbps upload. My internet is 100mb download and 10mb upload. So the upload speed makes sense but is there any explanation for a such low download speed? I have a pretty much stock configuration. I have OpenVPN monitor installed on the server and I am the only one connected. Version is 2.5.0 I believe.

    Any help would be appreciated because frankly can't pinpoint an issue. I had a VPN setup when I still used hetzner and I always maxed out and the actual internet speeds were the bottleneck not the VPN. The problem with hetzner is that the ping was pretty high at ~150ms. On ovh it's much more acceptable at ~60ms but that's explainable due to the location change. Is it just because hetzner was a dedicated server and ovh is a vps (not dedicated) and I'm just screwed? i don't really know how that works and if the network connection is shared between multiple vps's or not

  • Go to Best Answer

    I've noticed similar issues myself with OVH servers, and part of it is the way they manage networking seems to effectively ramp up your capacity as demands requires, but also historically I've found issues whereby it seems to be issues with the disk IO performance as most VPN Software is still running components off the disk and writing to disk.

    OVH Generally also provide a heatmap type thing that shows traffic in their network, it might be worth seeing if you're in a datacentre or rack even that has high network usage, as it's possible that it's saturating the backbone and you're just struggling to get traffic through. But then again, that wouldn't explain why the server itself has decent speeds but not your local setup.

    I think Speedtest also has a "Single" and "Multi" setting, make sure you run it from the server on single as I understand that better replicates how VPN's would reach out if it routes via the server.

    Wild1145

    Network Owner at TotalFreedom

    Managing Director at ATLAS Media Group Ltd.

    Founder & Owner at MastodonApp.UK

    @wild1145#1544 I was using speedtest cli and just added the share flag. I'll see if it's single or multi. I can run a disk speed benchmark. If I actually recall the IO speeds on ovh were shit and the dedicated server was real NVMe SSD speeds

    • Best Answer

    Here are read/write speeds on the disk
    Timing buffered disk reads: 3430 MB in 3.00 seconds = 1143.15 MB/sec

    The connection from speedtest-cli was multi but here's a single one

    Edit: I've decided to call this one a stalemate. I've tried with other VPNs on multiple devices and they all match with the speeds of my VPN. At this point I think it's just location more than anything else. Even the closest VPNs to me are still 5mbps down and 10mbps up.

    Here's the new issue though. I decided to ditch OpenVPN entirely and switch to WireGuard. However, now I can't download the actual .conf files from https://vpn.telesphoreo.me

    Basically you put the name and it'll give you the .ovpn (now it's .conf) file to import. However it's now returning error 403. I gave it full 777 perms and changed the owner from root:root to www-data:www-data

    What gives with that???

    This is from my Apache error.log

    [Sun Nov 22 02:05:46.172092 2020] [:error] [pid 383217] [client 70.37.246.22:52161] [client 70.37.246.22] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "vpn.telesphoreo.me"] [uri "/<redactedprofilename>.conf"] [unique_id "X7nHescczV8RVMPR5ZI2vAAAAAk"], referer: https://vpn.telesphoreo.me/

    Edit: after digging through obscure posts on ancient forums I finally found the solution to unblock .conf on one vhost

    Code
            <LocationMatch "/">  
                SecRuleRemoveById 920440  
        </LocationMatch>

    in case anyone needs it and 920440 being the error ID from the Apache error logs

  • wild1145 November 2, 2022 at 6:29 PM

    Selected a post as the best answer.