My ping without the VPN router is 18 ms, but with the router it goes up to 22 ms; only with some VPN configurations does it drop back to 18 ms. My question is: what configuration can I apply to reduce the ping as much as possible on this type of router? By the way, I have an Intel N100 processor, so I can't complain about performance; there must be something wrong with the configuration.
Thanks for your furious responses.
Ping to where? What's the VPN router? What's the network setup?
Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </>" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have.
# Diagnostic dump for an OpenWrt router, meant to be pasted as one block.
# It prints the board info, the UCI network, wireless, dhcp and firewall
# configs, the active firewall rulesets, the IPv4/IPv6 addresses, routes and
# policy rules, and the resolver files. Every command is an export/list/show
# call; `head -n -0` prints each file in full.
#
# Redact before posting: `uci export network` prints WireGuard `private_key`
# options in clear text, `uci export wireless` prints Wi-Fi keys, and the
# link-local addresses shown by `ip -6 addr` can embed the interface MAC
# address (EUI-64 form), so hiding only the MAC lines is not enough.
ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
iptables-save -c; ip6tables-save -c; nft list ruleset; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ip -6 addr ; ip -6 ro li tab all ; ip -6 ru; \
ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
18 ms and 22 ms are likely statistically identical. 18 ms and 54 ms are probably different.
"kernel": "5.15.127",
"hostname": "OpenWrt",
"system": "Intel(R) N100",
"model": "Default string Default string",
"board_name": "default-string-default-string",
"rootfs_type": "ext4",
"release": {
"distribution": "OpenWrt",
"version": "23.05.0-rc3",
"revision": "r23389-5deed175a5",
"target": "x86/64",
"description": "OpenWrt 23.05.0-rc3 r23389-5deed175a5"
}
}
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdce:93cb:4262::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
option ipv6 '0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option delegate '0'
config interface 'wan'
option device 'eth1'
option proto 'dhcp'
option peerdns '0'
list dns '1.1.1.1'
list dns '1.0.0.1'
config interface 'lan1'
option proto 'static'
option device 'eth2'
list ipaddr '192.168.2.1/24'
config interface 'nordvpntun'
option proto 'none'
option device 'tun0'
config interface 'madrid'
option proto 'wireguard'
option private_key 'x'
list addresses '10.14.0.2/16'
list dns '162.252.172.57'
list dns '149.154.159.92'
option auto '0'
config wireguard_madrid
option description 'peer'
option public_key 'x'
list allowed_ips '0.0.0.0/0'
option route_allowed_ips '1'
option endpoint_host 'es-mad.prod.surfshark.com'
option endpoint_port '51820'
option persistent_keepalive '25'
config interface 'londres'
option proto 'wireguard'
option auto '0'
option private_key 'x'
list addresses '10.14.0.2/16'
list dns '162.252.172.57'
list dns '149.154.159.92'
config wireguard_londres
option description 'peer1'
option public_key 'x'
list allowed_ips '0.0.0.0/0'
option route_allowed_ips '1'
option endpoint_host '89.37.93.123'
option endpoint_port '51820'
option persistent_keepalive '25'
config interface 'proton_es28'
option proto 'wireguard'
option auto '0'
option private_key 'x'
list addresses '10.2.0.2/32'
list dns '10.2.0.1'
config wireguard_proton_es28
option description 'wg-ES-28.conf'
option public_key 'x'
list allowed_ips '0.0.0.0/0'
option endpoint_host '37.19.214.1'
option endpoint_port '51820'
option route_allowed_ips '1'
option persistent_keepalive '25'
config interface 'proton_es29'
option proto 'wireguard'
option private_key 'x'
list addresses '10.2.0.2/32'
list dns '10.2.0.1'
option auto '0'
config wireguard_proton_es29
option description 'wg-ES-29.conf'
option public_key 'x'
list allowed_ips '0.0.0.0/0'
option endpoint_host '37.19.214.1'
option endpoint_port '51820'
option route_allowed_ips '1'
option persistent_keepalive '25'
uci: Entry not found
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option leasetime '365d'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'lan1'
option interface 'lan1'
option start '100'
option limit '150'
option leasetime '365d'
package firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'lan'
list network 'lan1'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'openvpn'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'nordvpntun'
config forwarding
option src 'lan'
option dest 'openvpn'
config zone
option name 'surfshark'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'londres'
list network 'madrid'
config forwarding
option src 'lan'
option dest 'surfshark'
config include 'pbr'
option fw4_compatible '1'
option type 'script'
option path '/usr/share/pbr/pbr.firewall.include'
config zone
option name 'proton'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'proton_es28'
list network 'proton_es29'
config forwarding
option src 'lan'
option dest 'proton'
head: /etc/firewall.user: No such file or directory
-ash: ip6tables-save: not found
table inet fw4 {
chain input {
type filter hook input priority filter; policy accept;
iifname "lo" accept comment "!fw4: Accept traffic from loopback"
ct state established,related accept comment "!fw4: Allow inbound established and related flows"
tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
iifname { "eth2", "br-lan" } jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
iifname "eth1" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
iifname "tun0" jump input_openvpn comment "!fw4: Handle openvpn IPv4/IPv6 input traffic"
}
chain forward {
type filter hook forward priority filter; policy drop;
ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
iifname { "eth2", "br-lan" } jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
iifname "eth1" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
iifname "tun0" jump forward_openvpn comment "!fw4: Handle openvpn IPv4/IPv6 forward traffic"
jump handle_reject
}
chain output {
type filter hook output priority filter; policy accept;
oifname "lo" accept comment "!fw4: Accept traffic towards loopback"
ct state established,related accept comment "!fw4: Allow outbound established and related flows"
oifname { "eth2", "br-lan" } jump output_lan comment "!fw4: Handle lan IPv4/IPv6 output traffic"
oifname "eth1" jump output_wan comment "!fw4: Handle wan IPv4/IPv6 output traffic"
oifname "tun0" jump output_openvpn comment "!fw4: Handle openvpn IPv4/IPv6 output traffic"
}
chain prerouting {
type filter hook prerouting priority filter; policy accept;
iifname { "eth2", "br-lan" } jump helper_lan comment "!fw4: Handle lan IPv4/IPv6 helper assignment"
}
chain handle_reject {
meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
reject comment "!fw4: Reject any other traffic"
}
chain syn_flood {
limit rate 25/second burst 50 packets return comment "!fw4: Accept SYN packets below rate-limit"
drop comment "!fw4: Drop excess packets"
}
chain input_lan {
jump accept_from_lan
}
chain output_lan {
jump accept_to_lan
}
chain forward_lan {
jump accept_to_openvpn comment "!fw4: Accept lan to openvpn forwarding"
jump accept_to_surfshark comment "!fw4: Accept lan to surfshark forwarding"
jump accept_to_proton comment "!fw4: Accept lan to proton forwarding"
jump reject_to_lan
}
chain helper_lan {
}
chain accept_from_lan {
iifname { "eth2", "br-lan" } counter packets 2322 bytes 159703 accept comment "!fw4: accept lan IPv4/IPv6 traffic"
}
chain accept_to_lan {
oifname { "eth2", "br-lan" } counter packets 22 bytes 2604 accept comment "!fw4: accept lan IPv4/IPv6 traffic"
}
chain reject_to_lan {
oifname { "eth2", "br-lan" } counter packets 0 bytes 0 jump handle_reject comment "!fw4: reject lan IPv4/IPv6 traffic"
}
chain input_wan {
meta nfproto ipv4 udp dport 68 counter packets 3 bytes 984 accept comment "!fw4: Allow-DHCP-Renew"
icmp type echo-request counter packets 0 bytes 0 accept comment "!fw4: Allow-Ping"
meta nfproto ipv4 meta l4proto igmp counter packets 479 bytes 17244 accept comment "!fw4: Allow-IGMP"
meta nfproto ipv6 udp dport 546 counter packets 0 bytes 0 accept comment "!fw4: Allow-DHCPv6"
ip6 saddr fe80::/10 icmpv6 type . icmpv6 code { mld-listener-query . no-route, mld-listener-report . no-route, mld-listener-done . no-route, mld2-listener-report . no-route } counter packets 0 bytes 0 accept comment "!fw4: Allow-MLD"
icmpv6 type { destination-unreachable, time-exceeded, echo-request, echo-reply, nd-router-solicit, nd-router-advert } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Input"
icmpv6 type . icmpv6 code { packet-too-big . no-route, parameter-problem . no-route, nd-neighbor-solicit . no-route, nd-neighbor-advert . no-route, parameter-problem . admin-prohibited } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Input"
jump reject_from_wan
}
chain output_wan {
jump accept_to_wan
}
chain forward_wan {
icmpv6 type { destination-unreachable, time-exceeded, echo-request, echo-reply } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
icmpv6 type . icmpv6 code { packet-too-big . no-route, parameter-problem . no-route, parameter-problem . admin-prohibited } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
meta l4proto esp counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-IPSec-ESP"
udp dport 500 counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-ISAKMP"
jump reject_to_wan
}
chain accept_to_wan {
meta nfproto ipv4 oifname "eth1" ct state invalid counter packets 0 bytes 0 drop comment "!fw4: Prevent NAT leakage"
oifname "eth1" counter packets 2 bytes 656 accept comment "!fw4: accept wan IPv4/IPv6 traffic"
}
chain reject_from_wan {
iifname "eth1" counter packets 217 bytes 46804 jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic"
}
chain reject_to_wan {
oifname "eth1" counter packets 0 bytes 0 jump handle_reject comment "!fw4: reject wan IPv4/IPv6 traffic"
}
chain input_openvpn {
jump reject_from_openvpn
}
chain output_openvpn {
jump accept_to_openvpn
}
chain forward_openvpn {
jump reject_to_openvpn
}
chain accept_to_openvpn {
meta nfproto ipv4 oifname "tun0" ct state invalid counter packets 4351 bytes 221575 drop comment "!fw4: Prevent NAT leakage"
oifname "tun0" counter packets 36689 bytes 5333001 accept comment "!fw4: accept openvpn IPv4/IPv6 traffic"
}
chain reject_from_openvpn {
iifname "tun0" counter packets 662 bytes 29018 jump handle_reject comment "!fw4: reject openvpn IPv4/IPv6 traffic"
}
chain reject_to_openvpn {
oifname "tun0" counter packets 0 bytes 0 jump handle_reject comment "!fw4: reject openvpn IPv4/IPv6 traffic"
}
chain input_surfshark {
jump reject_from_surfshark
}
chain output_surfshark {
jump accept_to_surfshark
}
chain forward_surfshark {
jump reject_to_surfshark
}
chain accept_to_surfshark {
}
chain reject_from_surfshark {
}
chain reject_to_surfshark {
}
chain input_proton {
jump reject_from_proton
}
chain output_proton {
jump accept_to_proton
}
chain forward_proton {
jump reject_to_proton
}
chain accept_to_proton {
}
chain reject_from_proton {
}
chain reject_to_proton {
}
chain dstnat {
type nat hook prerouting priority dstnat; policy accept;
}
chain srcnat {
type nat hook postrouting priority srcnat; policy accept;
oifname "eth1" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
oifname "tun0" jump srcnat_openvpn comment "!fw4: Handle openvpn IPv4/IPv6 srcnat traffic"
}
chain srcnat_wan {
meta nfproto ipv4 masquerade comment "!fw4: Masquerade IPv4 wan traffic"
}
chain srcnat_openvpn {
meta nfproto ipv4 masquerade comment "!fw4: Masquerade IPv4 openvpn traffic"
}
chain srcnat_surfshark {
meta nfproto ipv4 masquerade comment "!fw4: Masquerade IPv4 surfshark traffic"
}
chain srcnat_proton {
meta nfproto ipv4 masquerade comment "!fw4: Masquerade IPv4 proton traffic"
}
chain raw_prerouting {
type filter hook prerouting priority raw; policy accept;
}
chain raw_output {
type filter hook output priority raw; policy accept;
}
chain mangle_prerouting {
type filter hook prerouting priority mangle; policy accept;
jump pbr_prerouting comment "Jump into pbr prerouting chain"
}
chain mangle_postrouting {
type filter hook postrouting priority mangle; policy accept;
jump pbr_postrouting comment "Jump into pbr postrouting chain"
}
chain mangle_input {
type filter hook input priority mangle; policy accept;
jump pbr_input comment "Jump into pbr input chain"
}
chain mangle_output {
type route hook output priority mangle; policy accept;
jump pbr_output comment "Jump into pbr output chain"
}
chain mangle_forward {
type filter hook forward priority mangle; policy accept;
iifname "eth1" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 ingress MTU fixing"
oifname "eth1" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 egress MTU fixing"
iifname "tun0" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone openvpn IPv4/IPv6 ingress MTU fixing"
oifname "tun0" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone openvpn IPv4/IPv6 egress MTU fixing"
jump pbr_forward comment "Jump into pbr forward chain"
}
chain pbr_forward {
}
chain pbr_input {
}
chain pbr_output {
}
chain pbr_prerouting {
}
chain pbr_postrouting {
}
chain pbr_mark_0x010000 {
counter packets 0 bytes 0 meta mark set meta mark & 0xff01ffff | 0x00010000
return
}
chain pbr_mark_0x020000 {
counter packets 0 bytes 0 meta mark set meta mark & 0xff02ffff | 0x00020000
return
}
chain pbr_mark_0x030000 {
counter packets 0 bytes 0 meta mark set meta mark & 0xff03ffff | 0x00030000
return
}
chain pbr_mark_0x040000 {
counter packets 0 bytes 0 meta mark set meta mark & 0xff04ffff | 0x00040000
return
}
chain pbr_mark_0x050000 {
counter packets 0 bytes 0 meta mark set meta mark & 0xff05ffff | 0x00050000
return
}
chain pbr_mark_0x060000 {
counter packets 0 bytes 0 meta mark set meta mark & 0xff06ffff | 0x00060000
return
}
}
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
inet 192.168.0.11/24 brd 192.168.0.255 scope global eth1
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
inet 192.168.2.1/24 brd 192.168.2.255 scope global eth2
valid_lft forever preferred_lft forever
19: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
42: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
inet 10.8.0.15/16 scope global tun0
valid_lft forever preferred_lft forever
default via 192.168.0.1 dev eth1 table pbr_wan
192.168.1.0/24 dev br-lan table pbr_wan proto kernel scope link src 192.168.1.1
192.168.2.0/24 dev eth2 table pbr_wan proto kernel scope link src 192.168.2.1
default via 10.8.0.15 dev tun0 table pbr_nordvpntun
192.168.1.0/24 dev br-lan table pbr_nordvpntun proto kernel scope link src 192.168.1.1
192.168.2.0/24 dev eth2 table pbr_nordvpntun proto kernel scope link src 192.168.2.1
unreachable default table pbr_madrid
192.168.1.0/24 dev br-lan table pbr_madrid proto kernel scope link src 192.168.1.1
192.168.2.0/24 dev eth2 table pbr_madrid proto kernel scope link src 192.168.2.1
unreachable default table pbr_londres
192.168.1.0/24 dev br-lan table pbr_londres proto kernel scope link src 192.168.1.1
192.168.2.0/24 dev eth2 table pbr_londres proto kernel scope link src 192.168.2.1
unreachable default table pbr_proton_es28
192.168.1.0/24 dev br-lan table pbr_proton_es28 proto kernel scope link src 192.168.1.1
192.168.2.0/24 dev eth2 table pbr_proton_es28 proto kernel scope link src 192.168.2.1
unreachable default table pbr_proton_es29
192.168.x.x/24 dev br-lan table pbr_proton_es29 proto kernel scope link src 192.168.1.1
192.168.x.x/24 dev eth2 table pbr_proton_es29 proto kernel scope link src 192.168.2.1
192.168.x.x/24 dev br-lan table 262 proto kernel scope link src 192.168.1.1
192.168.x.x/24 dev eth2 table 262 proto kernel scope link src 192.168.2.1
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.0.1 dev eth1 proto static src 192.168.0.11
10.8.0.0/16 dev tun0 proto kernel scope link src 10.8.0.15
128.0.0.0/1 via 10.8.0.1 dev tun0
149.102.236.35 via 192.168.0.1 dev eth1
185.76.11.22 via 192.168.0.1 dev eth1 proto static
192.168.x.x/24 dev eth1 proto kernel scope link src 192.168.0.11
192.168.x.x/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.x.x/24 dev eth2 proto kernel scope link src 192.168.2.1
local 10.8.0.15 dev tun0 table local proto kernel scope host src 10.8.0.15
broadcast 10.8.255.255 dev tun0 table local proto kernel scope link src 10.8.0.15
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
local 192.168.0.11 dev eth1 table local proto kernel scope host src 192.168.0.11
broadcast 192.168.0.255 dev eth1 table local proto kernel scope link src 192.168.0.11
local 192.168.1.1 dev br-lan table local proto kernel scope host src 192.168.1.1
broadcast 192.168.1.255 dev br-lan table local proto kernel scope link src 192.168.1.1
local 192.168.2.1 dev eth2 table local proto kernel scope host src 192.168.2.1
broadcast 192.168.2.255 dev eth2 table local proto kernel scope link src 192.168.2.1
0: from all lookup local
30000: from all fwmark 0x10000/0xff0000 lookup pbr_wan
30001: from all fwmark 0x20000/0xff0000 lookup pbr_nordvpntun
30002: from all fwmark 0x30000/0xff0000 lookup pbr_madrid
30003: from all fwmark 0x40000/0xff0000 lookup pbr_londres
30004: from all fwmark 0x50000/0xff0000 lookup pbr_proton_es28
30005: from all fwmark 0x60000/0xff0000 lookup pbr_proton_es29
30006: from all fwmark 0x70000/0xff0000 lookup 262
32766: from all lookup main
32767: from all lookup default
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::2e2:59ff:fe00:921b/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::2e2:59ff:fe00:921c/64 scope link
valid_lft forever preferred_lft forever
42: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 500
inet6 fe80::9125:f59:3740:e731/64 scope link stable-privacy
valid_lft forever preferred_lft forever
unreachable fdce:93cb:4262::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev eth2 proto kernel metric 256 pref medium
fe80::/64 dev tun0 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
anycast fe80:: dev eth1 table local proto kernel metric 0 pref medium
anycast fe80:: dev eth2 table local proto kernel metric 0 pref medium
anycast fe80:: dev tun0 table local proto kernel metric 0 pref medium
local fe80::2e2:59ff:fe00:921b dev eth1 table local proto kernel metric 0 pref medium
local fe80::2e2:59ff:fe00:921c dev eth2 table local proto kernel metric 0 pref medium
local fe80::9125:f59:3740:e731 dev tun0 table local proto kernel metric 0 pref medium
multicast ff00::/8 dev eth1 table local proto kernel metric 256 pref medium
multicast ff00::/8 dev eth2 table local proto kernel metric 256 pref medium
multicast ff00::/8 dev tun0 table local proto kernel metric 256 pref medium
0: from all lookup local
32766: from all lookup main
lrwxrwxrwx 1 root root 16 Aug 19 16:01 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 47 Sep 2 19:50 /tmp/resolv.conf
-rw-r--r-- 1 root root 54 Sep 2 19:50 /tmp/resolv.conf.d/resolv.conf.auto
/tmp/resolv.conf.d:
-rw-r--r-- 1 root root 54 Sep 2 19:50 resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error
==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface wan
nameserver 1.1.1.1
nameserver 1.0.0.1
The problem is not with the VPN but without it: with the VPN I get 18 ms,
but if I remove it, the ping goes up to 22 to 24 ms minimum, so it must be the configuration.
And in the games I play you can see that difference.
I use nordvpn on openvpn.
Unloaded ping is whatever your ISP provides. To the best of my knowledge, there isn't anything you can run to improve it. Perhaps you could make sure new, high-quality cables are used from the ISP connection to your node in an attempt to maximize the SNR. Maybe others can comment.
Reference:
That might be a case where your ISP's routing towards the remote endpoints you ping is simply worse than the combined routing from your ISP to the VPN host and from there to the endpoint. VPNs are one of the few ways in which end users can try to change their routing....
Maybe post the output of:
mtr -ezb4w -c 120 ${THE-IP_ADDRESS_YOU_PINGED_BEFORE}
or for IPv6:
mtr -ezb6w -c 120 ${THE-IP_ADDRESS_YOU_PINGED_BEFORE}
once bare-metal and once through your VPN, that might actually show some hallmarks of different routes....
You can check the CPU governors to make sure they are set to performance, or change the scaling frequency if the governor is ondemand. On some routers you can see significant gains in ping, DNS, etc. (like the Linksys MR8300).