You shouldn’t.
OpenVPN via TCP is pretty unusual and WireGuard does not even support it.
Gotcha. So what should I do?
Can’t tell, highly depends on the root cause.
Something appears to be odd.
Maybe it’s your ISP or the country you are in (if they do something like Iran for example)
That’s totally strange. Did you set the MTU on the router, the client or just the application?
What kind of ISP do you use?
I am in the Netherlands and my server is in Denver, so shouldn’t be any weird country security thing.
I set the MTU on my computer, I first used ping to see which ones don’t fragment, then I set my computer to that. Then when I check the ping again, it fragments.
My isp is Ziggo, which uses hybrid fiber coaxial I believe.
@admon I would have to disagree with you. I have been using OpenVPN over TCP for many years to get around UDP issues, and firewalls that block UDP. Running OpenVPN on port 443 gets around a lot of firewalls. It works great and is fully supported by GL iNet. If you are on travel, and you need things to work, why not use all the possible tools?
@digitalnomad On the client side, it is easy to configure OpenVPN clients to run UDP or TCP, along with having your Wireguard client configurations. The change between a UDP and TCP in an OpenVPN config file, is a one line change, where you change the line:
proto tcp
to
proto udp
GL iNet 4.x firmware was suppose to support multiple VPN servers, allowing you to setup both a Wireguard and OpenVPN servers, running at the same time. Due to the very poor support GL iNet has provided for 4.x firmware on older router models, I am using generic OpenWrt 23.05 to create a VPN server on a AR300M that supports Wireguard, OpenVPN, and SoftEther. I would recommend you ask support how to configure Wireguard and OpenVPN servers to both run on your router at your house.
I guess you can’t run it on TCP/443 without further knowledge because nginx will use this port already. So it will conflict with the GUI. You have to shift things then, which will cause having some modified system - which leads to lack of support because no one will support something customized.
So maybe this isn’t the best option then. My other guess is that there is some firewall stuff with my isp interfering. Maybe if I use my hotspot and then check the speeds to see if the problem is still there?
Update: it made no difference:(
Being able to move the GUI off of port 443, so you can use it as a OpenVPN port, was on the feature request list for 4.x. Not sure if and when it may happen.
I’m doing it by a port remap on the router that feeds my AR300M VPN server, so it comes in on port 443, but the AR300M is listening on a higher number port.