Untangle OpenVPN Slow

JoelM

I may be starting this too general but I have 3 Untangle OpenVPN setups. On one of those setups I have one user, who is of course the one farthest away, who is having issues.
When he opens files from the file share he gets long delays of up to 1 min where his computer will almost lock up. In file explorer he will get a not responding message.
His internet at his location shows about 200MB down & up when doing speedtest.net. I have checked his ping to the server across the vpn and his ping time averages around 100-120ms. It is the slowest ping time of any of the users but he is mainly accessing word docs and pdf files.
This is of course one of the owners of the company so this is not something I can just push off and tell him that's as good as it is.
Is there anything you can think of to streamline or tweak the OpenVPN setup?
I know you will have a lot of questions & I'll try my best to answer.
 
SMBv2 was never designed to work over the Internet. SMBv3 was... but even if you're using that protocol you're still going to have issues. Speedtest.net isn't scientific to start with, and even if the numbers it gives you are valid, the test itself is still useless for this purpose. It's entirely possible his home ISP has crap peering with the office's ISP, in which case you're stuck in slow land.

Your solution is to use RDP over the tunnel, stop moving files over it.

Another, use O365 the way it's intended and let OneDrive sync up his stuff and simply not use the VPN at all. Of course this depends on what you're using the tunnels for. VPN is great, but it's not a universal tool, and yes sometimes you have to get creative.
 
I don't use Untangle so no specific advice for you but some general tips.

- Check if the VPN is using TCP or UDP. OpenVPN can use either but UDP is significantly faster.

- Test MTU over the tunnel using ping -f -l and reconfigure if necessary. Fragmented packets can have a significant impact on UDP.

- Run iperf in both directions to get the raw throughput of the tunnel.

- Try running over a different port. ISPs often limit or prioritise certain ports and with VPNs being so common right now I wouldn't be surprised to find them limiting 1194 and other common VPN ports.
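
The fragmentation test from the tips above (`ping -f -l`), automated as a binary search for the largest packet that crosses the tunnel without fragmenting. This is an added example, not code from any poster; the function names are made up here, and the Linux flags are the iputils equivalent of the Windows ones.

```python
import platform
import subprocess
import sys

ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, payload):
    """Send two echo requests with Don't Fragment set; True if a reply came back."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "2", "-w", "2000", "-f", "-l", str(payload), host]
    else:  # Linux iputils equivalent of "ping -f -l"
        cmd = ["ping", "-c", "2", "-W", "2", "-M", "do", "-s", str(payload), host]
    out = subprocess.run(cmd, capture_output=True, text=True)
    # Windows ping can exit 0 on ICMP error replies, so also require a TTL in the output.
    return out.returncode == 0 and "ttl=" in out.stdout.lower()


def largest_unfragmented_payload(probe, low=500, high=1472):
    """Binary-search the biggest payload size for which probe(size) succeeds.
    Returns None if even `low` fails (host down or ICMP filtered)."""
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2  # round up so the loop always makes progress
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def path_mtu(probe):
    """Largest whole IPv4 packet that passes unfragmented, or None if unreachable."""
    payload = largest_unfragmented_payload(probe)
    return None if payload is None else payload + ICMP_OVERHEAD


if __name__ == "__main__":
    host = sys.argv[1]  # an address on the far side of the tunnel, e.g. the file server
    mtu = path_mtu(lambda size: ping_df(host, size))
    print("no replies; host down or ICMP blocked" if mtu is None
          else f"largest unfragmented packet to {host}: {mtu} bytes")
```

Run it from the remote PC with the VPN connected. A result well below 1500 means full-size packets are being fragmented or dropped somewhere along the path.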
 
Untangle's OpenVPN only supports UDP, making it use TCP is not easy. Untangle also doesn't support operating over a customized port, so doing that isn't terribly easy either.

The fragmented packet test however... that's quite worth looking into, I always forget about that one.
 
I have read a lot of information on the MTU. In this situation where & how would I be changing the setting? Somewhere in Untangle, OpenVPN or on the remote PC or remote router?
 
I would be setting the MTU client side by adding a line to the OpenVPN config file (.ovpn)
mssfix 1420
This would set MTU of 1420.

Guide here explains in more detail https://www.sonassi.com/help/troubleshooting/setting-correct-mtu-for-openvpn


If you change MTU within Untangle it affects everyone. If you have multiple VPN users the odds are you would fix one connection only to break another.

If you change MTU at the remote router it affects all internet traffic at the remote site. You might fix the VPN only to cripple their general browsing/download speeds.
 
SAFCasper is correct, if you have a single OpenVPN user with MTU issues, it'd be best to custom modify only his configuration files.

Untangle lacks a graceful way to handle such things.

However, while you're in there poking around... you might want to read this: https://forums.untangle.com/openvpn/42872-soft-migration-eliminate-compress-directive.html

And hopefully it's not an ancient system that's been upgraded? Because if it is... you've got MD5 certificates to eliminate too.

It's important to note, the compression directives will be removed from Untangle's default OpenVPN configurations with the release of v15.1. It's also important to note that the old configuration won't just "go away", because all the clients need updating. Which is why I wrote that post.

Eliminating compression might solve an MTU issue too...
 