[HC2] openvpn client recommended setup, tweaks?

Post Reply
trohn_javolta
Posts: 71
Joined: Fri Nov 03, 2017 6:16 am
languages_spoken: english, german
ODROIDs: none (plans for XU4)
Has thanked: 0
Been thanked: 0
Contact:

[HC2] openvpn client recommended setup, tweaks?

Unread post by trohn_javolta » Tue Aug 13, 2019 11:38 pm

Hi, I want to try out my Odroid HC2 as an openvpn client. I don't expect great performance but I want to make sure I set it up correctly.

This is why I want to ask if anyone can give any recommendations or tweaks for using it as an openvpn client.
I'm running armbian (debian base).


Idk much about openvpn, I know it uses openssl for de and encryption. Is there a way to use hardware de and encryption so I can speed things up and have a better download speed via openvpn? Or is hw de/encryption maybe already used by default if I just install openvpn package?
I also read about some rng-tools package so hardware rng is used...but I think that only applies to C1?

Any recommendations on the best way to set this up are appreciated.

User avatar
mad_ady
Posts: 6401
Joined: Wed Jul 15, 2015 5:00 pm
languages_spoken: english
ODROIDs: XU4, C1+, C2, N1, H2, N2
Location: Bucharest, Romania
Has thanked: 150 times
Been thanked: 109 times
Contact:

Re: [HC2] openvpn client recommended setup, tweaks?

Unread post by mad_ady » Wed Aug 14, 2019 1:45 am

I don't know if you have hardware encryption offloading, though the 4.14 kernel has improvements in encryption speed. You can expect around 50MB/s top encryption speed, which is great.

Regarding setting it up - get openvpn from apt, get the ovpn file from your vpn provider and start it up with openvpn /path/to/file.ovpn
You can add it to a service file and have it start up automatically.
You should get a tun0 interface when tunnel is up and maybe some routes through the tunnel.

trohn_javolta
Posts: 71
Joined: Fri Nov 03, 2017 6:16 am
languages_spoken: english, german
ODROIDs: none (plans for XU4)
Has thanked: 0
Been thanked: 0
Contact:

Re: [HC2] openvpn client recommended setup, tweaks?

Unread post by trohn_javolta » Wed Aug 14, 2019 3:44 am

mad_ady wrote:
Wed Aug 14, 2019 1:45 am
I don't know if you have hardware encryption offloading, though the 4.14 kernel has improvements in encryption speed. You can expect around 50MB/s top encryption speed, which is great.

Regarding setting it up - get openvpn from apt, get the ovpn file from your vpn provider and start it up with openvpn /path/to/file.ovpn
You can add it to a service file and have it start up automatically.
You should get a tun0 interface when tunnel is up and maybe some routes through the tunnel.
What do you mean with encryption speed? Did you test max. download speed? That will be interessting. Do you think I can max out my internet connection which is 200 mbps down?

User avatar
mad_ady
Posts: 6401
Joined: Wed Jul 15, 2015 5:00 pm
languages_spoken: english
ODROIDs: XU4, C1+, C2, N1, H2, N2
Location: Bucharest, Romania
Has thanked: 150 times
Been thanked: 109 times
Contact:

Re: [HC2] openvpn client recommended setup, tweaks?

Unread post by mad_ady » Wed Aug 14, 2019 1:16 pm

I haven't tested speed with openvpn, but I did tests with scp. The encryption is similar.
Regarding top speed - it will depend on what the other tunnel endpoint supports as well.

trohn_javolta
Posts: 71
Joined: Fri Nov 03, 2017 6:16 am
languages_spoken: english, german
ODROIDs: none (plans for XU4)
Has thanked: 0
Been thanked: 0
Contact:

Re: [HC2] openvpn client recommended setup, tweaks?

Unread post by trohn_javolta » Tue Aug 20, 2019 6:25 pm

mad_ady wrote:
Wed Aug 14, 2019 1:16 pm
I haven't tested speed with openvpn, but I did tests with scp. The encryption is similar.
Regarding top speed - it will depend on what the other tunnel endpoint supports as well.
Can you specify what you mean exactly? I can get full 200 mbps downloadspeed via desktop pc with my current vpn provider.
Do you mean cipher?
Initially I have AES-128-CBC set in client.conf but in the log I can read AES-256-GCM is initated..maybe the over the domain and port I set only this is possible.

Well, setting everything up normally, I only get like 7 Mb/s -> 56 Mbps download speed out of possible 200 Mbps, that's pretty lame :/
I made sure openvpn process is running on a big core. Governor is performance.

I'm curious of the test you made with the 50 Mb/s encryption speed. Can you tell me the command to test that?
Because I noticed in htop it shows me only 8 little cores which max out at 1.5 ghz. (in cpufrequtils max speed is set to 2.0 Ghz). Idk maybe htop shows wrong info.

Ps: I'm using armbian..You're the maintainer of debian image right? Maybe I should try other os/images...but so far I was pretty happy with armbian.

User avatar
mad_ady
Posts: 6401
Joined: Wed Jul 15, 2015 5:00 pm
languages_spoken: english
ODROIDs: XU4, C1+, C2, N1, H2, N2
Location: Bucharest, Romania
Has thanked: 150 times
Been thanked: 109 times
Contact:

Re: [HC2] openvpn client recommended setup, tweaks?

Unread post by mad_ady » Tue Aug 20, 2019 6:35 pm

Here are the tests I did a year and a half ago: https://magazine.odroid.com/article/set ... rpose-nas/
Since then, with kernel 4.14 there were some reports of improved encryption performance.

Try https://github.com/mad-ady/odroid-cpu-control to get current cluster speeds.

I'm not the debian maintainer - that would be @meveric. I did my tests on the stock HK ubuntu image

trohn_javolta
Posts: 71
Joined: Fri Nov 03, 2017 6:16 am
languages_spoken: english, german
ODROIDs: none (plans for XU4)
Has thanked: 0
Been thanked: 0
Contact:

Re: [HC2] openvpn client recommended setup, tweaks?

Unread post by trohn_javolta » Tue Aug 20, 2019 8:47 pm

mad_ady wrote:
Tue Aug 20, 2019 6:35 pm
Here are the tests I did a year and a half ago: https://magazine.odroid.com/article/set ... rpose-nas/
Since then, with kernel 4.14 there were some reports of improved encryption performance.

Try https://github.com/mad-ady/odroid-cpu-control to get current cluster speeds.

I'm not the debian maintainer - that would be @meveric. I did my tests on the stock HK ubuntu image
What's cluster speed? :D
Is this arcfour cipher somehow compareable to AES-256-GCM?
If you could squeeze out 50 mb/s transfer speed via encrypted connection in your gigabit network it seems to me that 6-7 mb/s for my openvpn connection is pretty bad :?

In armbian there's armbianmonitor which shows this:

Time big.LITTLE load %cpu %sys %usr %nice %io %irq CPU C.St.
13:44:09: 2000/1500MHz 2.33 22% 7% 13% 0% 0% 1% 60.0°C 0/13
13:44:15: 2000/1500MHz 2.38 24% 13% 8% 0% 0% 2% 56.0°C 0/13
13:44:20: 2000/1500MHz 2.35 21% 13% 5% 0% 0% 2% 54.0°C 0/13
13:44:25: 2000/1500MHz 2.24 24% 16% 5% 0% 0% 2% 55.0°C 0/13
13:44:30: 2000/1500MHz 2.22 22% 14% 5% 0% 0% 2% 56.0°C 0/13

User avatar
mad_ady
Posts: 6401
Joined: Wed Jul 15, 2015 5:00 pm
languages_spoken: english
ODROIDs: XU4, C1+, C2, N1, H2, N2
Location: Bucharest, Romania
Has thanked: 150 times
Been thanked: 109 times
Contact:

Re: [HC2] openvpn client recommended setup, tweaks?

Unread post by mad_ady » Tue Aug 20, 2019 8:54 pm

Is this during a file transfer over openvpn? If you're using performance, then the frequencies seem correct.
I have a open vpn setup on a HC2. Let me see if I can do some throughput tests remotely...

Arcfour is a deprecated cypher, less secure than AES

User avatar
mad_ady
Posts: 6401
Joined: Wed Jul 15, 2015 5:00 pm
languages_spoken: english
ODROIDs: XU4, C1+, C2, N1, H2, N2
Location: Bucharest, Romania
Has thanked: 150 times
Been thanked: 109 times
Contact:

Re: [HC2] openvpn client recommended setup, tweaks?

Unread post by mad_ady » Tue Aug 20, 2019 10:56 pm

Ok. Did some tests with openvpn setup on a HC2 and a C2 as client, over internet (the same ISP). I have 300Mbps download in both locations, but I'm not sure about upload. Did tests with iperf3 over the UDP tunnel.

HC2 download traffic:

Code: Select all

drianp@bellatrix:~/development$ iperf3 -c 172.20.20.1 -p 5001 -t 30
Connecting to host 172.20.20.1, port 5001           
[  4] local 172.20.20.18 port 39222 connected to 172.20.20.1 port 5001
[ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
[  4]   0.00-1.00   sec  9.13 MBytes  76.6 Mbits/sec    9    104 KBytes
[  4]   1.00-2.00   sec  7.73 MBytes  64.9 Mbits/sec    0    129 KBytes
[  4]   2.00-3.00   sec  5.73 MBytes  48.1 Mbits/sec    1    110 KBytes
[  4]   3.00-4.00   sec  7.05 MBytes  59.2 Mbits/sec    0    128 KBytes
[  4]   4.00-5.00   sec  6.85 MBytes  57.5 Mbits/sec    3   82.8 KBytes
[  4]   5.00-6.00   sec  8.41 MBytes  70.6 Mbits/sec    0    113 KBytes
[  4]   6.00-7.00   sec  9.71 MBytes  81.4 Mbits/sec    0    141 KBytes
[  4]   7.00-8.00   sec  9.46 MBytes  79.3 Mbits/sec   11    121 KBytes
[  4]   8.00-9.00   sec  7.80 MBytes  65.4 Mbits/sec    2    103 KBytes
[  4]   9.00-10.00  sec  7.39 MBytes  61.9 Mbits/sec    0    125 KBytes
[  4]  10.00-11.00  sec  9.54 MBytes  80.0 Mbits/sec    0    150 KBytes
[  4]  11.00-12.00  sec  9.72 MBytes  81.6 Mbits/sec    7    130 KBytes
[  4]  12.00-13.00  sec  8.73 MBytes  73.2 Mbits/sec    2    118 KBytes
[  4]  13.00-14.00  sec  9.57 MBytes  80.3 Mbits/sec    2    104 KBytes
[  4]  14.00-15.00  sec  8.78 MBytes  73.7 Mbits/sec   19   98.6 KBytes
[  4]  15.00-16.00  sec  9.15 MBytes  76.7 Mbits/sec    0    128 KBytes
[  4]  16.00-17.00  sec  9.66 MBytes  81.0 Mbits/sec    4    114 KBytes     
[  4]  17.00-18.00  sec  9.27 MBytes  77.8 Mbits/sec    4    104 KBytes       
[  4]  18.00-19.00  sec  9.47 MBytes  79.4 Mbits/sec    0    131 KBytes
[  4]  19.00-20.00  sec  9.91 MBytes  83.1 Mbits/sec    2    118 KBytes
[  4]  20.00-21.00  sec  9.84 MBytes  82.6 Mbits/sec    0    145 KBytes
[  4]  21.00-22.00  sec  8.45 MBytes  70.8 Mbits/sec    1    126 KBytes
[  4]  22.00-23.00  sec  8.97 MBytes  75.2 Mbits/sec    3    112 KBytes
[  4]  23.00-24.00  sec  8.31 MBytes  69.7 Mbits/sec    0    135 KBytes
[  4]  24.00-25.00  sec  9.77 MBytes  81.9 Mbits/sec    9    117 KBytes
[  4]  25.00-26.00  sec  9.69 MBytes  81.3 Mbits/sec    0    143 KBytes
[  4]  26.00-27.00  sec  8.16 MBytes  68.4 Mbits/sec    6    122 KBytes
[  4]  27.00-28.00  sec  7.95 MBytes  66.8 Mbits/sec    3    106 KBytes
[  4]  28.00-29.00  sec  7.69 MBytes  64.5 Mbits/sec    0    128 KBytes
[  4]  29.00-30.00  sec  8.81 MBytes  73.9 Mbits/sec    5    113 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-30.00  sec   261 MBytes  72.9 Mbits/sec   93             sender
[  4]   0.00-30.00  sec   260 MBytes  72.8 Mbits/sec                  receiver

HC2 upload traffic:

Code: Select all

adrianp@bellatrix:~/development$ iperf3 -c 172.20.20.1 -p 5001 -R -t 30
Connecting to host 172.20.20.1, port 5001
Reverse mode, remote host 172.20.20.1 is sending
[  4] local 172.20.20.18 port 39224 connected to 172.20.20.1 port 5001
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-1.00   sec  5.70 MBytes  47.8 Mbits/sec
[  4]   1.00-2.00   sec  6.56 MBytes  55.0 Mbits/sec
[  4]   2.00-3.00   sec  5.69 MBytes  47.8 Mbits/sec
[  4]   3.00-4.00   sec  5.51 MBytes  46.3 Mbits/sec
[  4]   4.00-5.00   sec  5.74 MBytes  48.2 Mbits/sec
[  4]   5.00-6.00   sec  6.41 MBytes  53.8 Mbits/sec
[  4]   6.00-7.00   sec  6.00 MBytes  50.3 Mbits/sec
[  4]   7.00-8.00   sec  6.10 MBytes  51.2 Mbits/sec
[  4]   8.00-9.00   sec  5.77 MBytes  48.4 Mbits/sec
[  4]   9.00-10.00  sec  6.03 MBytes  50.6 Mbits/sec
[  4]  10.00-11.00  sec  6.22 MBytes  52.2 Mbits/sec
[  4]  11.00-12.00  sec  6.08 MBytes  51.0 Mbits/sec
[  4]  12.00-13.00  sec  6.02 MBytes  50.5 Mbits/sec
[  4]  13.00-14.00  sec  6.08 MBytes  51.0 Mbits/sec
[  4]  14.00-15.00  sec  6.22 MBytes  52.2 Mbits/sec
[  4]  15.00-16.00  sec  6.03 MBytes  50.6 Mbits/sec
[  4]  16.00-17.00  sec  5.69 MBytes  47.7 Mbits/sec
[  4]  17.00-18.00  sec  5.92 MBytes  49.7 Mbits/sec
[  4]  18.00-19.00  sec  6.16 MBytes  51.7 Mbits/sec
[  4]  19.00-20.00  sec  6.10 MBytes  51.2 Mbits/sec
[  4]  20.00-21.00  sec  6.23 MBytes  52.3 Mbits/sec
[  4]  21.00-22.00  sec  6.33 MBytes  53.1 Mbits/sec
[  4]  22.00-23.00  sec  5.77 MBytes  48.4 Mbits/sec
[  4]  23.00-24.00  sec  5.65 MBytes  47.4 Mbits/sec
[  4]  24.00-25.00  sec  5.67 MBytes  47.6 Mbits/sec
[  4]  25.00-26.00  sec  5.52 MBytes  46.3 Mbits/sec
[  4]  26.00-27.00  sec  5.76 MBytes  48.3 Mbits/sec
[  4]  27.00-28.00  sec  6.07 MBytes  51.0 Mbits/sec
[  4]  28.00-29.00  sec  6.13 MBytes  51.4 Mbits/sec
[  4]  29.00-30.00  sec  6.14 MBytes  51.5 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-30.00  sec   180 MBytes  50.2 Mbits/sec  166             sender
[  4]   0.00-30.00  sec   179 MBytes  50.2 Mbits/sec                  receiver

iperf Done.

So I see about 72Mb/s, which is not bad at all...
Image is stock Ubuntu Minimal, with no special affinities and ondemand governor.

trohn_javolta
Posts: 71
Joined: Fri Nov 03, 2017 6:16 am
languages_spoken: english, german
ODROIDs: none (plans for XU4)
Has thanked: 0
Been thanked: 0
Contact:

Re: [HC2] openvpn client recommended setup, tweaks?

Unread post by trohn_javolta » Tue Aug 20, 2019 11:16 pm

mad_ady wrote:
Tue Aug 20, 2019 8:54 pm
Is this during a file transfer over openvpn? If you're using performance, then the frequencies seem correct.
I have a open vpn setup on a HC2. Let me see if I can do some throughput tests remotely...

Arcfour is a deprecated cypher, less secure than AES
Yes it is.
mad_ady wrote:
Tue Aug 20, 2019 10:56 pm

So I see about 72Mb/s, which is not bad at all...
Image is stock Ubuntu Minimal, with no special affinities and ondemand governor.
Thx for the tests. Ah ok, you mean 72 Mbit/s not 72 Mb/s.
That's a tiny bit more than I get but not very that great at all if I compare it to my Linksys Wrt 1900acs. Running the client on it I get 100 Mbit/s.
I guess I'll change back to that setup. I just tried on hc2 because on my router I also have a openvpn server.
It's set up in a way that only hc2 goes through vpn tunnel. Unfortunately this way if I connect to my ovpn server from away I cannot reach the hc2, all other devices work fine. I'll live with that :)

User avatar
mad_ady
Posts: 6401
Joined: Wed Jul 15, 2015 5:00 pm
languages_spoken: english
ODROIDs: XU4, C1+, C2, N1, H2, N2
Location: Bucharest, Romania
Has thanked: 150 times
Been thanked: 109 times
Contact:

Re: [HC2] openvpn client recommended setup, tweaks?

Unread post by mad_ady » Wed Aug 21, 2019 12:37 am

There must be some network configuration problem. In my general aetup I terminate openvpn on my asus wrt 56 and I'm able to access my lan devices just fine.
Run some pings through the tunnel and a tcpdump on your hc2 to locate the problem.

trohn_javolta
Posts: 71
Joined: Fri Nov 03, 2017 6:16 am
languages_spoken: english, german
ODROIDs: none (plans for XU4)
Has thanked: 0
Been thanked: 0
Contact:

Re: [HC2] openvpn client recommended setup, tweaks?

Unread post by trohn_javolta » Wed Aug 21, 2019 3:17 am

mad_ady wrote:
Wed Aug 21, 2019 12:37 am
There must be some network configuration problem. In my general aetup I terminate openvpn on my asus wrt 56 and I'm able to access my lan devices just fine.
Run some pings through the tunnel and a tcpdump on your hc2 to locate the problem.
I fear it's beyond my knowledge, I tried for over a year now to resolve this somehow, various posts in various forums and nothing did help.
I made my peace with it :D

..But be my guest if you want. :D Here is a post from openwrt forum: https://forum.openwrt.org/t/routing-exp ... uter/17075

The config should be same as the current. I opened more current threads in german forums if you happen to speak german.

Post Reply

Return to “Other OS”

Who is online

Users browsing this forum: No registered users and 2 guests