%20%E7%9A%84%20OpenVPN%20%E9%80%9F%E5%BA%A6%E8%B0%83%E6%95%B4.png)
背景:
我的 Windows 10 VPS 上运行着一个 OpenVPN 服务器。VPS 的网络连接是 ~750 Mbps下载和〜450Mbps 上传(通过多次 speedtest.net 测试获得)。VPS 有 2 个 vCPU 和 8 GB RAM。VPS 仅为两个 OpenVPN 客户端提供服务。但是,客户端的 speedtest 通常显示30兆位启用 VPN 时的测试。
我尝试过:
- 请查看配置
配置:
- 服务器
;local a.b.c.d
--duplicate-cn
port 443
;proto tcp
proto udp
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
txqueuelen 4000
tun-mtu 9000
mssfix 0
fragment 0
;dev tap
dev tun
ca "ca.crt"
cert "ERVER.crt"
key "C:\\SE.key" # This file should be kept secret
dh "dh.pem"
;topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
tls-auth "tls-auth.key" 0 # This file is secret
cipher AES-128-CBC
persist-key
persist-tun
;mute 20
explicit-exit-notify 1
- 客户
dev tun
proto udp
remote IP 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
key-direction 1
cipher AES-128-CBC
verb 3
<ca>
-----BEGIN CERTIFICATE-----
</ca>
<cert>
</cert>
<key>
-----BEGIN PRIVATE KEY-----
</key>
<tls-auth>
</tls-auth>
答案1
client
dev tun
remote-cert-tls server
compress
proto udp
cipher aes-128-cbc
ncp-disable
fast-io
sndbuf 512000
rcvbuf 512000
txqueuelen 2000
pull
nobind
reneg-sec 0
resolv-retry infinite
verb 3
persist-key
persist-tun
remote-random
mute-replay-warnings
route-delay 10
- 使用 UDP 可获得更好的 OpenVPN 性能。
- 禁用压缩
- 禁用密码协商