Seems a problem of mtu. Can you check the vpn mtu lower?
I have it set at 1280. What number do you suggest? Also, should this be set on 4gLTE config or WireGuard VPN Client settings?? Or both?
Edit: tried 1080, 880 for MTU - neither helped.
4G should set as 1428
Wireguard 1380
Just tried with these MTUs, didn’t work.
Here’s another data point: I have Inseego M2000 with TTL mod and it has exact same issue as GL-Inet Puli. When I configure OpenVPN client on M2000 device, speed crawls to 200KB/s. Inseego also runs OpeWRT. If I use M2000 w/out VPN and use that as tethering device and configure VPN on Gl-Inet Beryl or Puli, there’s no throttling.
Within the OpenWRT system, there’s some leak when 4g/5g and VPN are on ‘same’ device, T-Mobile targets and throttles.
I am more than sure it is mtu problem. But I cannot find a way to debug.
I’ve tried all settings from 800 to 1300 at 100 increments for MTU in 4G and Wireguard Client VPN settings. I’ve found no improvment. It’s stuck at 200kb/s.
What were the mtu settings you use for vpn and 4G at the same time?
I have some success 
I tried 1000 MTU on 4G and 800 MTU on WireGuard and started getting 8mbps up and 7mbps down. I am very pleased with this result. Earlier, I was trying setting both MTU to 800, 900, 1000 etc and it wasn’t working.
Thanks to your intuition, it was a MTU problem. Now I just need to calibrate the MTU to best speeds possible. I will have to further play with numbers, but I can perfectly live with these speeds for my use case. Thank you so much. Seems Puli likes much smaller MTU numbers with T-mobile and gap between 4G MTU and Witeguard MTU has to be large.
Any idea how to setup MTU for OpenVPN?
Carrier mtu should be 1428 or lower.
The gap between 4G and vpn mtu should be 48 and higher. So pls try 1428 and 1380. If not working adjust both slightly lower and bigger gap.
Pls also note vpn client should use lower mtu than vpn server, if you know the value.
OpenVPN should be able to set mtu in the vpn dashboard if you use firmware 4.x.
I think I may have set MTU setting on VPN servers really low (1280 - I don’t remember). That maybe why i am having issues with numbers you are suggesting (1428 and 1380) on client side and (1100 and 1000) are working. I will be traveling back to where the VPN server is next month and change the MTU value. I will set VPN servers to 1500 MTU next month and then I will try 1428 and 1380. Regardless, I’m good for now so thank you so much. Can’t wait for Puli AX product. Keep up the good work!
1 Like
Hello everyone, hope everybody is doing ok, I was thinking of creating a new post, I’d continue with this thread since it is also related, I have both MT1300 and AR750S, on the 3.216 firmware I was able to just copy/paste it under custom firewall rules but on 4.3.2 B1 firmware the interface is totally different, any idea on how to do it? thanks!. This is my first posr so take it easy on me , still learning openwrt.
OpenWrt 22.03 changed a lot. To set up ttl in OpenWrt 22.03, pls use the following command
mkdir -p /usr/share/nftables.d/chain-pre/mangle_postrouting/
echo "ip ttl set 65" > /usr/share/nftables.d/chain-pre/mangle_postrouting/01-set-tt
l.nft
fw4 reload
The above command set ttl 65 to all interfaces
4 Likes
buenos dias tengo un rauter AR300M16 quiero compartir internet ilimitado desde mi moden 3hs pegue es la linea iptables -t mangle -I POSTROUTING 1 -j TTL --ttl-set 65 , pero sigue consumiendo datos de compartir, me pueden ayudar por favor
Want to inform TTL 65 doesn’t help get hotspot internet on ar300m and mt300v2 version 4 beta firmware (firewall fw4)
even if I set TTL 65 in modem manual configuration and also followed the new commands provided by alzhao
Checked mt3000 which has firewall fw3 works fine
I signed up to thank you for this. Excellent work!
1 Like
When I put this this command “iptables -t mangle -I POSTROUTING 1 -j TTL --ttl-set 65” into firewall - custom rules, it doesn’t work. I ping the router and my ttl still shows as 64. I have the Beryl AX running firmware 4.5.0 beta right now, which is based on openwrt 21.02.
Any idea what I’m doing wrong?
I believe the custom rules are firewall4, only for nftables.
But if I’m correct in the gl firmware they already added a rule for firewall.user put it in there, its located in /etc/firewall.user, though i find the documentation poorly explained about this part, but i believe this file still would work with iptables, so my guess is: please try it
If not you need this snippet in your firewall config:
config include
option path '/etc/firewall.user'
option reload '1'
^ you may need one extra option telling its not compatible with fw4 or something i believe, perhaps my link to the documentation shows it.
1 Like
1 Like
Thank you. Installing those two plugins allowed that firewall custom rule to work on changing my TTL to 65. However, looks like connecting my computer to my Beryl AX with this TTL change, connected to my phone’s T-Mobile hotspot, does not seem to bypass the speed throttling. Anyone else have any thoughts on how to bypass T-mobile’s hotspot speed throttling with the Beryl AX?