On Tue, 22 Feb 2022 09:38:58 +0100, Bo Berglund <bo.bergl...@gmail.com> wrote:
>On Tue, 22 Feb 2022 00:32:46 +0100, Bo Berglund <bo.bergl...@gmail.com> wrote:
>
>>On Mon, 21 Feb 2022 13:05:17 +0000, André via Openvpn-users
>><openvpn-users@lists.sourceforge.net> wrote:
>>
>>>Hi,
>>>
>>>According to
>>>"RMerlin Asuswrt-Merlin dev" the Asus RT-AC-86U can "hit 200 Mbps of OpenVPN
>>>throughput".
>>>
>>>"LouisvilleUK" states "I'm getting full 200 down throughput with
>>>PrivateTunnel VPN using AES-128-GCM on the RT-AC86U".
>>>
>>>
>>>https://www.snbforums.com/threads/openvpn-performance-of-the-rt-ac86u.41217/page-2
>>>
>>I am running OpenVPN 2.4.7 on the server, what ASUS RT-AC68U or RT-AC86U are
>>running I don't know...
>>
>>So can I set the following in the server side ccd config for the ASUS router
>>client and then the router's OpenVPN client will adhere to the setting?
>>
>>#Set different cipher for the ASUS router client
>>cipher AES-128-GCM
>>push "cipher AES-128-GCM"
>>
>>The full ccd file looks like this in that case:
>>
>>iroute 192.168.117.0 255.255.255.0
>>#Disable compression and push it to the client
>>comp-lzo no
>>push "comp-lzo no"
>>#Set different cipher for the ASUS router client
>>cipher AES-128-GCM
>>push "cipher AES-128-GCM"
>>
>>Will this also work on the older RT-AC68U router?
>>I.e. should I wait until I have replaced the router on the remote LAN?
>>
>>Right now the cipher line in the main server.conf and client ovpn files looks
>>like this:
>>cipher AES-256-CBC
>>
>>Is this the culprit, being 256 rather than 128???
>>
>>I do not know what is the difference between GCM and CBC...
>
>Forgot to ask:
>Can I in some way from the OpenVPN server command a reconnect from the client
>so it starts using the new cipher?
>
>If I restart the openvpn service dealing with the client will that force a
>renewed connection from the client (I have several services running
>concurrently)?

According to an offlist reply from @Tincantch a restart of the OpenVPN server
service for the connection in question will force the reconnect and thus also
the pushed cipher settings take effect.

So I have done a test now:
- Restarted the openvpn.local service on the server (local is only handling the
  local LAN traffic)
- Remote LAN upload speed measured with speedtest at 249/150 Mbps.
- An NFS share on the home LAN Ubuntu server is connected to from an RPi4 on the
  remote LAN
- I did a command like this on that remote RPi4 device:

  time cp -p videofile.mp4 $HOME/sharedir/subdir

It came out at 65 s for a file sized 218923372 bytes which means 27 Mbit/s.

So this is pretty good (better than I had before the switch of the cipher), but
it still uses the old ASUS RT-AC68U router.
I expect it to improve once I can travel to the site and install an ASUS
RT-AC86U router instead.

--
Bo Berglund
Developer in Sweden