Friday, January 10, 2014

Tweaking OpenVPN over 3G, 4G and LTE

The default configuration of OpenVPN server is not optimized for mobile networks. In my house, for example, I get only 2~3 Mbps download over H+. After adding the following lines to the server.conf file, speed bumped up to 8 Mbps:

tcp-queue-limit 128
txqueuelen 2000
tcp-nodelay
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"

In downtown where LTE is available at full bars, I get whopping 22.68 mbps dn / 2.61 up:




As always, YMMV, but now you know where you should look into if you are not satisfied with your current VPN speed. Once again, this is why you should use VPS for VPN, because you have full control of it. When you buy VPN services, you cannot do such tweaks.

[update] 15000 is too large for txqueuelen and causes interruption to ICS-OpenVPN (OpenVPN for Android); 2000 is enough for a LTE connection. Also for ICS-OpenVPN, rcvbuf and sndbuf values must be given to it as custom options, because the default values used by it, 65535, are too small to perform faster than 10 Mbps over a LTE connection. OpenVPN Connect does not have such issues.

8 comments:

  1. where to open the server.conf file, Thank you advance

    ReplyDelete
  2. A question, my openvpn client on android client can establish connection, but I can't browse any public sites. however, the openvpn access from computer works totally fine. may you please share your server and client configurations?

    ReplyDelete
  3. Hi

    How did you configure the Raspberry pi firewall/nat for the OpenVPN server to work over a 3G/4G/LTE connection.

    Thanks

    ReplyDelete
    Replies
    1. Sorry I don't know, I never use a Raspberry, routers or such embedded devices for such projects. I simply use an old netbook running XP for such things, much easier to work with.

      That said, what exactly do you want to achieve here? A Raspberry has a LTE connection and you run an OpenVPN server on it? A LTE device usually does not get a public IP, so you cannot access it from the outside. If this is the case, you have to use a VPS and SSH tunneling. Then you access the OpenVPN server or other servers by accessing the VPS. Then, why not just set up an OpenVPN server on the VPS? VPS are really cheap these days, few dollars per year.

      If you really need to access things behind the LTE connection, would Teamviewer do? If not, then VPS + Tunneling is what comes up to my mind.

      Delete
  4. do i need to root my device? if yes how can i speed up without rooting?

    ReplyDelete
    Replies
    1. If you use OpenVPN on your phone, you don't need to root it. If you use it as a hotspot through OpenVPN, then you either root the phone to mod the routes, or you run OpenVPN on other devices and computers.

      Delete