OpenVPN client with 8.1.1

Hi all

I got the latest RC for 8.1.1 and purchased an OpenVPN license. I’m having some problems. I realize that this is not released yet but someone might have some hints.

I’m trying it with Windscribe which has been working very well for me with WireGuard so I think it’s a reasonably good service.

I got it working and was delighted when I went to and saw pretty good performance through the VPN. But then when I browse to some sites such as CNN it just hangs and times out. That sounds like an MTU issue so I’ve been fiddling with the MTU and got it somewhat better and even managed to reverse which sites work and which don’t but never achieving consistent good performance.

The uplink is cellular on AT&T. Using that directly, I’ve found that MTU 1430 works well. I played around with ping to determine that by trial and error.

A couple of questions:
What should the relationship, if any, be between MTU on OpenVPN and the uplink? If the uplink is 1430, what should OpenVPN be?

Windscribe gives me the following choices before generating a .ovpn file.
Protocol: TCP or UDP
Port: About 10 in a dropdown list.
Cipher: AES-CBC or AES-GCM

What would be good choices? I’ve mostly been playing with UDP, port 1194, AES-CBC.
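
An added example, not part of the original post: the ping trial and error described above, automated as a binary search for the largest packet that crosses the uplink unfragmented. It assumes Linux iputils `ping` (`-M do` sets Don't Fragment) and IPv4; the function names `probe` and `find_path_mtu` are hypothetical.

```shell
#!/bin/sh
# Added example: find the largest IPv4 MTU that reaches a host without
# fragmentation, by binary search over ping payload sizes.
# Assumption: Linux iputils ping. Windows ping uses different flags.

# probe HOST PAYLOAD: succeeds if a Don't-Fragment ping carrying PAYLOAD
# bytes of ICMP data gets at least one reply. Two packets are sent so a
# single lost packet on a lossy link is not read as "too big".
probe() {
    ping -M do -c 2 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH]: prints the largest working MTU in
# LOW..HIGH (default 576..1500). Returns 1 if even LOW gets no reply,
# e.g. the host is down or filters ICMP echo.
find_path_mtu() {
    host=$1
    lo=${2:-576}
    hi=${3:-1500}
    overhead=28   # 20-byte IPv4 header + 8-byte ICMP header

    probe "$host" $((lo - overhead)) || return 1

    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))      # round up so the loop terminates
        if probe "$host" $((mid - overhead)); then
            lo=$mid                       # mid fits, search above it
        else
            hi=$((mid - 1))               # mid is too big, search below it
        fi
    done
    echo "$lo"
}

# Run directly as: ./pathmtu.sh <host>
if [ $# -gt 0 ]; then
    find_path_mtu "$@"
fi
```

Run it against a host reached over the uplink alone, with the VPN down, so the result reflects the cellular path rather than the tunnel.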


Hi @tetranz, I’m not a guru and can’t answer all your questions, but I’ll suggest to start with UDP port 443/1194 using AES-GCM.

I’m using Windscribe as well and the config files work well on another router for both OpenVPN and Wireguard.

However, I haven’t been able to get the same .ovpn config files to work on Surf Soho MK3 with the OpenVPN license. I have factory reset and reinstalled the firmware, but haven’t been successful yet.

Any pointers please.

Many thanks.

When I try AES-GCM the Pepwave reports a .ovpn file error. I don’t know if that’s a Pepwave bug or Windscribe generating a non-compliant file.

It’s frustratingly close but not quite there. I’m getting really weird results like I can go to on Firefox and it mostly works but Chrome on the same computer completely times out with no connection. I know that doesn’t make much sense from the LAN but that’s what’s happening. It all works well without OpenVPN.

It’s not a critical requirement for me. I was happily using Windscribe and WireGuard with another router so I thought it would be nice to continue with it.

Well, I got stuck at the .ovpn file error as well, so it never connected. I opened a ticket with Peplink support, here’s what the guy suggested:

"You have to open the configuration of your openvpn with a text editor. Notepad or Notepad++ should be fine. Find the line with lzo and remove it.

We use newer openvpn daemon from open source. And it does not support this option since 2.5 version."

That hasn’t worked for me, but you can try it and see if it works for you. Otherwise, try generating a new .ovpn file using AES-CBC.

Hope it works.

Thanks. That got rid of the error but it still doesn’t work well. It sounds like Windscribe’s OpenVPN might be a bit old or something.

I think I’ll have to give up on this for now. I guess I could build my own OpenVPN server at somewhere like Digital Ocean but if I do that I may as well build a FusionHub server.

I spent some more time on this.

I installed OpenVPN on a server that I already have at Linode. That works fine with the Pepwave MAX BR1 MK2 so I guess there is some incompatibility with Windscribe.

By the way, for anyone wanting to build their own OpenVPN server, this script makes it wonderfully easy.

I also created a FusionHub server at Digital Ocean with the image linked at the bottom here FusionHub - Installation in Digital Ocean and following Martin’s good video here. That works well too and, as expected, gives somewhat better throughput than OpenVPN.

I know some people are never happy but my big wishlist item would be for Peplink to support WireGuard.

That could be a DNS issue. Each web browser can be configured to use a different DNS provider. Then, there is DNS in the OS, then there is DNS from the VPN. To see what DNS servers are being used in each browser, there are tests here

Off-topic. I love the ROBERT feature of Windscribe. To borrow from Jerry Seinfeld - it makes me the master of my DNS domain resolutions.