Hi,
testing with iphone on 4g with openvpn client, to my openvpn server on my router, and my internet speed is reduced a lot. My broadband isn't fast, but the speed is reduced with 66%.
Openvpn server:
verb 3
user nobody
group nogroup
dev tun0
port 1194
proto udp
server 192.168.8.0 255.255.255.0
topology subnet
client-to-client
keepalive 10 120
persist-tun
persist-key
push "dhcp-option DNS 192.168.8.1"
push "dhcp-option DOMAIN lan"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"
<dh>
Client config
verb 3
dev tun
nobind
client
remote myddnsip.com 1194 udp
auth-nocache
remote-cert-tls server
I've not done anything with the vpn config but followed the guidelines.
So long story short - CPU is underpowered and OpenVPN usage slows down CPU.
Long story. On cheap routers CPU is responsible for everything - NAT, Wifi AES encryption and lot of other things. Since internet speed is < 100 Mbps then CPU is sufficient for that tasks everything is OK. Manufacturer guaranteed that everything will work almost perfect.
Now you make a change to your router adding OpenVPN. Usual latest versions of OpenVPN using AES for encryption/decryption. To be more correct it should be AES-128-GCM or AES-256-GCM. And they're painful slow on most of router CPU (those with MIPS architecture - like 80% of current home routers). In result only OpenVPN make usage of CPU to be near 100%. But if you remember before same CPU (oh, new surprise! CPU is single core and near 500 MHz) is responsible for NAT and Wifi Encryption (also AES) then CPU became bottleneck for everything.
That's why it's normal to see that your internet speed is halfed. If you wish to get more then you can:
change router with more powerful. Like one with duo or quad core ARMs with OpenWRT support
use Raspberry Pi or derivate just for OpenVPN. You can install OpenWRT there too or just regular Linux like DietPi and then to install PiVPN.
Since ARM routers are little bit expensive for mine tasks i get Raspberry Pi and load there also something different Linux packages.
Switching to Wireguard should at least increase your throughput, even on weak (MIPS) hardware. So that's a quick win without needing to purchase a more powerful router.
Ok thanks for your answers! I knew that it could be the cpu but didn't think it would affect the speed so much when my speed is so low in the beginning..
i have the the Linksys wrt1900acs v1, https://www.linksys.com/us/p/P-WRT1900ACS/
It's a few years old but does have a "1.6 GHz dual-core processor".
Is there a good way to view the performance or load on my router, for instance when running the speedtest? I think I've done this with putty some time ago
Your WRT1900ACS is one of the "more powerful" devices mentioned above. It should be able to pull off 36 (AES-256) to 45 (AES-128) mbps for OpenVPN -- at least if these benchmark values are to be believed.
I rather see the problem with your 4G connection. There seem to be a lot of variables there that can hurt the performance, most of them very little explored. UDP over 4G seems to be a factor (TCP seems to be faster), traffic shaping by the mobile ISP is another possibility, and there's also latency and packet sizes to consider. 4G is not an ideal "permanent, physical line" after all. Lots of different things to try and tweak, with precious little reliable information unfortunately.
I'm sure you don't need this particular advice and were able to think of it yourself, but go ahead and google for "OpenVPN 4G optimization" or similar, there's a few stray pages and forum posts dealing with the issue, with different approaches and settings tweaks. It is probably not an issue with OpenWrt on your router, but rather with OpenVPN settings on your server or on your client.
When you run a VPN server at home you're using the upload side of the modem to send out to the "road warrior" phone. So you're never going to get more than 10 Mbps with that connection.
