My three loved ones have deployed OpenVPN on their VPS in Digital Ocean. Despite the low load on the VPS, which is used only for a small business card site with only a few dozen visitors per day, the VPN service is extremely unstable, requiring reconnection 100 times especially in the evenings. The VPN is mainly needed for accessing platforms like Instagram and Twitter - there is no excessive downloading taking place.
I have already attempted to improve the stability of the connection by setting the buffers to zero and disabling encryption with little improvement. Is there anything else that can be done?
Here is the configuration file:
port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS ********.14"
push "dhcp-option DNS ********.15"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_********.crt
key server_********.key
auth none
#cipher AES-128-GCM
#ncp-ciphers AES-128-GCM
cipher none
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
#possible bandwidth increase
sndbuf 0
rcvbuf 0
push "sndbuf 524288"
push "rcvbuf 524288"
In addition to the suggested solutions, it may be helpful to consider upgrading to a higher performance VPS or exploring alternative VPN services that better suit the specific needs and usage of your loved ones.
Consider using "proto tcp" instead. This change must be made on both the client and server sides.
If the issue persists with UDP, perform a traceroute from the client to the server. On the client side, run the command "traceroute -n -U -p 55775 [IP address of server]". If this does not work, check the output of the command "iptables -Ln" on the server side.
It's worth noting that the specific OS being used is unclear, so it may also be helpful to check whether or not selinux is enabled as well.
Quote from: -DM- on Oct 03, 2022, 05:34 AMproto tcp
You need to do it on both the client and the server.
After changing the protocol and restarting the VPN
/etc/init.d/openvpn restart
VPN stopped working at all. Rolled it back ((
Chose and on the phone TCP, - still no connection (VPN restarted).
Quote from: -DM- on Oct 03, 2022, 05:34 AMis selinux used? :)
Yes.
Quote from: Edelweiss on Oct 03, 2022, 04:56 AMWhat else can I do?
Wireguard then.
https://www.wireguard.com
Fast and modern VPN, uses the most modern cryptography. Strives to be faster, simpler, more compact and useful than IPsec, without too much headache.
Empirically, it is more productive than OpenVPN.
Quote from: Edelweiss on Oct 03, 2022, 04:56 AMWhat else can I do?
Do not torture yourself and your loved ones. There are Inferno Solutions with out-of-the-box solutions for this purpose.
The asking price is $5 a month. Nothing lags, works fast. There are 10 profiles available.
Post Merge: Oct 03, 2022, 10:42 AM
Well, in this case: maybe you have something that creates a bunch of open sockets, which do not nail and clog the channel.
The channel to the server is sufficient?
I have 200 megabits, I think it's enough.
Quote from: Term on Oct 03, 2022, 09:30 AMWell, in this case: maybe you have something that creates a bunch of open sockets, which do not nail and clog the channel.
The channel to the server is sufficient?
And how do I check it? I looked through htop and saw that the process is eating no more than 3% of CPU and no more than 1% of memory. I have no lags at all in the morning. They are usually closer to the evening.
Quote from: Bronson on Oct 03, 2022, 07:23 AMWireguard then.
Thank you, that description sounds interesting.
I will definitely try Wireguard, but first I will solve this question.
I have noticed a similar issue with OpenVPN when my phone and computer are both connected to the VPN concurrently, causing the connection to slow down and constantly require reconnection. This conflict may occur due to the inability to operate efficiently from different devices simultaneously. Additionally, I am experiencing terrible lags and freezes specifically on Windows 7.
To remedy this problem, I have prescribed OpenVPN in the router and subsequently installed a router-specific app on my phone. This allows me to quickly disable or change the server as needed, resulting in a perfect connection. :D
It's important to note that while this solution worked for this specific case, it may not work for everyone. It is possible that other factors could be causing the connection issues and warrant additional troubleshooting steps.
You wrote that you are not the only user, right?
Maybe some device also has the VPN enabled at that moment, that's why there are all sorts of frustrations?
Quote from: -DM- on Oct 03, 2022, 12:02 PMMaybe some device also has the VPN enabled at that moment, that's why there are all sorts of frustrations?
Thanks for the good point, that sounds about right.
Wife on ipad often does not turn off the VPN and probably often get a connection from different devices.
I'll see what I can do.
Quote from: Edelweiss on Oct 03, 2022, 01:08 PMI'll see what I can do.
What is there to think about? ;) Thinking too much can give you a headache. :)
You have to do it. Issue a separate certificate for each person, and you will be happy and have peace at home. :) :) :)
There could be several reasons for the instability of your OpenVPN connection. Here are a few suggestions to try and improve its stability:
1. Check server resources: Ensure that the VPS has sufficient resources, such as CPU, memory, and bandwidth, to handle the VPN traffic along with the small business card site. DigitalOcean offers different plans, so you might consider upgrading to a higher-tier plan if necessary.
2. Optimize VPN configuration: Review the OpenVPN configuration file and ensure that it is properly optimized for your specific use case. You may find guidance on OpenVPN's dоcumentation or online forums to optimize the configuration based on your requirements.
3. Test different VPN protocols: OpenVPN supports various protocols, such as UDP and TCP. Try switching between them to see if one provides better stability. Sometimes, certain networks can cause issues with specific protocols, so experimenting with different options might help.
4. Modify firewall settings: Ensure that the VPS firewall is not overly restrictive and is allowing the necessary traffic for the VPN connection. Check if any firewall rules or security groups are interfering with the VPN traffic and adjust them accordingly.
5. Monitor network connectivity: Keep an eye on the network connectivity between your VPS and the clients. Tools like ping or traceroute can help identify any network connectivity issues. This information can be useful when troubleshooting or contacting the VPS provider's support team.
6. Contact DigitalOcean support: If the issue persists, it may be worth reaching out to DigitalOcean support for assistance. They can investigate further and provide recommendations specific to your setup.