[Solved] Openwrt router behind unitymedia router - best practice?

asterios · October 3, 2018, 5:57am

Hello,

yesterday i got my unitymedia connect box. all works nice at the moment, but i don't get the higher speed rates on my linksys wrt32000acm like directly on the unitymedia connect box.

maybe i configured something wrong ?

via lan on the connect box the speed test tells me download rates about 409 MBits and up 20 MBits via lan or wireless i can get on the wrt 80MBits down and 20 MBits up.

the wrt is configured to tunnel all traffic trough a openvpn. it dosen't matter i use the openvpn or not, i always get this download speed results.

the openvpn is my own. hostet by netcup.de ( speed test on the openvpn server gives me a 960 MBits down and 600 MBits up)

the wrt gets its wan and wan6 configuration via dhcp from the connect box.

any ideas. thank you.

here a are my wrt configs:

root@OpenWrt:~# cat /etc/config/network 

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fde2:9af1:c3d4::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option ifname 'eth1.2'
	option proto 'dhcp'
	option peerdns '0'
	option dns '91.239.100.100 89.233.43.71'

config interface 'wan6'
	option ifname 'eth1.2'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option peerdns '0'
	option dns '2001:67c:28a4:: 2a01:3a0:53:53::'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'

config interface 'wwan'
	option proto 'dhcp'
	option auto '0'

config interface 'asterios_vpn'
	option proto 'none'
	option ifname 'tun0'

root@OpenWrt:~# cat /etc/config/firewall 

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6 wwan'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config zone
	option forward 'REJECT'
	option output 'ACCEPT'
	option name 'vpn_fw'
	option input 'REJECT'
	option masq '1'
	option network 'asterios_vpn'
	option mtu_fix '1'

config forwarding
	option dest 'vpn_fw'
	option src 'lan'

Screenshot-2018-10-3%20OpenWrt%20-%20Overview%20-%20LuCI

fuller · October 3, 2018, 9:34am

this sounds a bit strange, because your router should max out at around 80mbps with openvpn. so you should see an improvement without.
wireguard may be faster.

have you enabled sqm on the wrt? try disabling it.
again; your router is not fast enough for additional work at 400mbps

unitymedia is probably running native ipv6, so check ipv6 connectivity to/at your server.

asterios · October 4, 2018, 7:59am

yes it is strange,

i changed the lan cable.... now i got without vpn ~250MBits and with ~100 MBits...

i didn't changed something in the config.

sqm is disabled.

fuller · October 4, 2018, 8:42am

lol - i somehow suspected but was afraid to suggest it.
label that cable or better yet, trash it rightaway

now to why 250 instead of 400;
login to the router and have a look in the idle % and soft_irq % stats in top while doing a speedtest

Frood42 · October 4, 2018, 10:59am

Regarding speed I might not be able to help - but regarding UM, I am curious about the prefix delegated: /62
Would you let me / us know if this is a business or a regular end user rate you have?

Regarding DHCPv4: I set a static IP on WAN (and DHCPv4 = off on cable box) because with dhcp on the connect box and on the OpenWrt router I had some double nat "issues".

asterios · October 4, 2018, 1:48pm

i sell it on ebay..... just kidding.

idle % 84 and sirq % 20.... result 246 MBits

asterios · October 4, 2018, 1:49pm

hi,

it is a regular rate 2 play 400...

thank you.

asterios · December 27, 2018, 8:20am

solved. all works nice and fast since the last openwrt updates.

system · January 6, 2019, 8:20am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.