I have three Nethsecurity router instances in different locations. Each migrated from NS7.
Each have the same problem: connecting to a network share and transferring files is extremely slow, often interrupted through OpenVPN.
I have been trying to fix this for two weeks now without success, so any help or idea is much appreciated.
Each site worked without problem with the NS7 router.
When I restore the old NS7 router, connection to samba share works again.
Connect to vpn is working every time.
Connect to network share is almost every time working.
Browsing the network share is sometimes works, sometimes I have timeouts.
File transfer almost every time is interrupted except for very small files, or extremely slow. The transfer speed sometimes starts normal but degrades to the tens of kB/s range.
It doesn’t matter if I use a migrated roadwarrior configuration or create a new one.
The severity of the problem is seems to influenced by the following:
internet connection type on sites
operating system: linux clients sometimes work, windows clients always fails
client version: 2.5 seems to be better than 2.6
communication seems to be better without compression
Example:
Windows 11 OpenVPN 2.6 client through the worst performing internet connection: unable to connect to samba share, even unable to load websites (part of website is loaded, but interrupted).
Same with 2.5 client: web browsing is OK, connection to samba share working, but browsing the network share and file transfers slow or interrupted.
Linux OpenVPN 2.5 client with best performing internet connection: everything works almost every time. Big file transfer sometimes interrupted.
Again, after trying everything come up in my mind or I can find on internet, I restored the NS7 router and it was working with every client configuration, through every internet connection.
I found this issue. Could you please try to adjust some openvpn parameters as suggested by the openvpn manual (quote):
Therefore, one could lower the maximum UDP packet size to 1300 (a good first try for solving MTU-related connection problems) with the following options:
I tried playing with mtu values according to the documentation. I tried several different values, the values from your post too.
Makes some difference.
In cases when even web (http/s) traffic breaks, mtu lowering makes web traffic good, smb browsing mostly possible, but file transfer still imposible. File transfers are still interrupted or the transfer speed is very slow.
I know, that samba is highly affected by packet fragmentation.
What I don’t understand is that there are no problems with the NS7 router. And this is reproducible. On all sites the router running on a virtual machine. I have the original NS7 router images. If I restore it, OpenVPN works. If I start again the netsecurity instance, OpenVPN breaks. Every other factors unchanged.
I tried configurations that are essentially the same as the old NS7 openvpn configuration. The main difference that NS7 uses OpenVPN 2.4, while NethSecurity uses OpenVPN 2.6
I will manually upgrade the OpenVPN server to 2.6 on an NS7 image and see what happens.
I used tun-mtu option only on server side with the latest 2.6 windows client.
Like this on nethsecurity command line:
uci set openvpn.ns_roadwarrior1.tun_mtu='1340'
uci commit openvpn.ns_roadwarrior1
/etc/init.d/openvpn restart ns_roadwarrior1
The maximum usable mtu value were determined by ping tests. It’s different on each site. It is now slow but at usable speed and stable. On linux with 2.5 client there are still problems, but only with smb. Acceptable.
If I add fragment and/or mssfix option, it’s not working.
I’m really curious why the old NS7 router works without mtu tuning. And with about 3 times faster data transfer speed.