NeoRouter
http://www.neorouter.com/forum/

Openvpn between neorouter clients issue
http://www.neorouter.com/forum/viewtopic.php?f=3&t=6096
Page 1 of 1

Author:  esv [ Thu Nov 09, 2017 5:11 am ]
Post subject:  Openvpn between neorouter clients issue

Hi.

I'm trying to setup a openvpn TAP tunnel between two neorouter clients.
it's no problem estabilish the communication. I can ping the subnet behind the client and access the network, but everything is extremly slow. it's like there is alot of packet drops or something like that.

If i try connect the openvpn tunnel to the other client using it's public ip instead of the neorouter ip, everything works perfect and fast.
The reason why i want to use the neorouter ip instead is because sometimes i can't have a public ip on the other client.

i've tried using openvpn with both TCP/UDP, with/without encryption. The combination that works best right now is using TCP with encryption, worse results is with udp without encryption..

is it something about neorouter trying to make a p2p connection using the vpn that makes the connection slow? i have tried to disable package filter on the server without any difference.

Author:  kevinz [ Thu Nov 09, 2017 9:50 am ]
Post subject:  Re: Openvpn between neorouter clients issue

Hi esv,

The reason would be one VPN over another VPN, hence it causes too much overhead. Both OpenVPN and NR try to find the shortest route to send packets, when a VPN is ready before another, it definitely choose the VPN tunnel instead of the physical networks, if they are cross Internet or networks.

So it's not recommended run multiple VPNs, as it will slow down the performance fore sure.

Thanks,
KevinZ - NeoRouter team

Author:  esv [ Thu Nov 09, 2017 10:59 am ]
Post subject:  Re: Openvpn between neorouter clients issue

Must be something about the nr traffic using the vpn tunnel setup by openvpn instead..

I've tried to only use openvpn for this today, running a vpn tunnel inside another openvpn tunnel and that is working perfectly.

Like this: Client1(with ip 10.5.5.2) is connected to a vpn server using a routed tunnel, client2(10.5.5.3) is connected to the same vpn server.
When both clients are connected to the server i connect the TAP(layer 2) openvpn between the two clients (inside the vpn tunnel). i know this causes a lot of overhead but this setup works. And i can access the whole network behind client2.

kevinz wrote:
Hi esv,

The reason would be one VPN over another VPN, hence it causes too much overhead. Both OpenVPN and NR try to find the shortest route to send packets, when a VPN is ready before another, it definitely choose the VPN tunnel instead of the physical networks, if they are cross Internet or networks.

So it's not recommended run multiple VPNs, as it will slow down the performance fore sure.

Thanks,
KevinZ - NeoRouter team

Author:  esv [ Wed Nov 14, 2018 10:24 am ]
Post subject:  Re: Openvpn between neorouter clients issue

i found a solution for this problem.
it was a MTU issue. because i used a UDP tunnel and neorouter MTU was 1300 (link was trying to use 1500).

Adding the line "link-mtu 1260" to the openvpn file fixed it. (i don't know if 1260 is the highest value possible or not, but it's working now)

Author:  lysamari [ Mon Feb 11, 2019 9:53 pm ]
Post subject:  Re: Openvpn between neorouter clients issue

This article is very detailed and meticulous, I read a lot of articles on this topic, but for this article, you leave me a deep impression and practical application to my life. Thank you for sharing.

Page 1 of 1 All times are UTC - 5 hours
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/