I’m running a clean copy of the firmware and am struggling to get usable speeds out of OpenVPN. I’ve seen it go as high as 2mbps in both directions but usually it’s well below that.I’ve tried several of ExpressVPNs servers and get similar speed drop across all.
It’s worth noting that sometimes it connects flawlessly, other times OpenVPN seems to fail TLS handshake within 60 seconds. I can’t work out why but I assume this does not impact the speed once connected.
CPU utilisation on the device only just passes ~60% when running a speed test so I think there is room for improvement in terms of throughput. I’m sure it must be a configuration issue but I’m not a networking expert. Any advice?
mt300n
set up in WISP mode
Firmware: 2.261
Speedtests:
Router > Laptop = 12 / 6mbps consistently
Router > mt300n > Laptop (no vpn) = 11 / 5 mbps
Router > mt300n > Laptop (ExpressVPN app on laptop) = 11 / 5 mbps
Router > mt300n (openVPN) > Laptop = 1.5 / 1.5mbps
OVPN file config:
dev tun
fast-io
persist-key
persist-tun
nobind
remote usa-dallas-ca-version-2.expressnetw.com 1195
remote-random
pull
comp-lzo
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1450
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass
Here are the ExpressVPN APP logs from the laptop for comparison:
Mon Sep 25 13:56:54 2017 OpenVPN 2.3.14 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Feb 3 2017
Mon Sep 25 13:56:54 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Mon Sep 25 13:56:54 2017 library versions: OpenSSL 1.0.2i 22 Sep 2016, LZO 2.09
Mon Sep 25 13:56:54 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:18171
Mon Sep 25 13:56:54 2017 Control Channel Authentication: tls-auth using INLINE static key file
Mon Sep 25 13:56:54 2017 Outgoing Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
Mon Sep 25 13:56:54 2017 Incoming Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
Mon Sep 25 13:56:54 2017 Socket Buffers: R=[65536->524288] S=[65536->524288]
Mon Sep 25 13:56:54 2017 UDPv4 link local: [undef]
Mon Sep 25 13:56:54 2017 UDPv4 link remote: [AF_INET]96.44.143.195:26119
Mon Sep 25 13:56:54 2017 TLS: Initial packet from [AF_INET]96.44.143.195:26119, sid=a043a2e1 18268644
Mon Sep 25 13:56:54 2017 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
Mon Sep 25 13:56:54 2017 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
Mon Sep 25 13:56:54 2017 VERIFY OK: nsCertType=SERVER
Mon Sep 25 13:56:54 2017 VERIFY X509NAME OK: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-789-1a, emailAddress=support@expressvpn.com
Mon Sep 25 13:56:54 2017 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-789-1a, emailAddress=support@expressvpn.com
Mon Sep 25 13:56:55 2017 Data Channel Encrypt: Cipher ‘AES-256-CBC’ initialized with 256 bit key
Mon Sep 25 13:56:55 2017 Data Channel Encrypt: Using 256 bit message hash ‘SHA256’ for HMAC authentication
Mon Sep 25 13:56:55 2017 Data Channel Decrypt: Cipher ‘AES-256-CBC’ initialized with 256 bit key
Mon Sep 25 13:56:55 2017 Data Channel Decrypt: Using 256 bit message hash ‘SHA256’ for HMAC authentication
Mon Sep 25 13:56:55 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Sep 25 13:56:55 2017 [Server-789-1a] Peer Connection Initiated with [AF_INET]96.44.143.195:26119
Mon Sep 25 13:56:57 2017 SENT CONTROL [Server-789-1a]: ‘PUSH_REQUEST’ (status=1)
Mon Sep 25 13:56:57 2017 PUSH: Received control message: ‘PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.31.0.1,route 10.31.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.31.49.134 10.31.49.133’
Mon Sep 25 13:56:57 2017 OPTIONS IMPORT: timers and/or timeouts modified
Mon Sep 25 13:56:57 2017 OPTIONS IMPORT: --ifconfig/up options modified
Mon Sep 25 13:56:57 2017 OPTIONS IMPORT: route options modified
Mon Sep 25 13:56:57 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Sep 25 13:56:57 2017 ROUTE_GATEWAY 192.168.8.1/255.255.255.0 I=5 HWADDR=f4:8c:50:f8:2d:9d
Mon Sep 25 13:56:57 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Sep 25 13:56:57 2017 open_tun, tt->ipv6=0
Mon Sep 25 13:56:57 2017 TAP-WIN32 device [EXPVPN TAP] opened: \.\Global{7D151F12-4E94-484E-B206-770FCBB9224A}.tap
Mon Sep 25 13:56:57 2017 TAP-Windows Driver Version 9.22