How to make an OpenVPN 90% as fast as a WireGuard

27/January/2023 openvpn kernel wireguard

There are a lot of articles on the Internet about improving OpenVPN speed, and they usually focus on the server and client settings themselves: packet sizes, encryption algorithms, or disabling them. Everyone compares OpenVPN to WireGuard and concludes that WireGuard works in kernel space while OpenVPN works in userspace, and that this determines everything. But that’s not quite true.

I must clarify right away that this method of solving the problem is specific to virtual machines with a small memory size, from 1Gb to 8Gb; in other cases you need to compare memory, link bandwidth and speed.

Here is a list of values that are set dynamically relative to the system memory size:

  • sysctl net.core.rmem_default
  • sysctl net.core.rmem_max
  • sysctl net.core.wmem_default
  • sysctl net.core.wmem_max
  • sysctl net.core.somaxconn
  • sysctl net.core.netdev_max_backlog
  • sysctl net.core.optmem_max
  • sysctl net.ipv4.udp_mem
  • sysctl net.ipv4.udp_rmem_min
  • sysctl net.ipv4.udp_wmem_min
  • sysctl net.ipv4.tcp_mem
  • sysctl net.ipv4.tcp_rmem
  • sysctl net.ipv4.tcp_wmem
  • sysctl net.ipv4.tcp_synack_retries
  • sysctl net.ipv4.tcp_keepalive_time
  • sysctl net.ipv4.tcp_max_tw_buckets

KVM over LVM

20/December/2019 kvm lvm parted virsh

Without further explanation

parted -a optimal /dev/sda
unit MiB
print free

#    Number  Start     End        Size       Type     File system     Flags
#            0,03MiB   1,00MiB    0,97MiB             Free Space
#     1      1,00MiB   1025MiB    1024MiB    primary  ext4            boot
#     2      1025MiB   5121MiB    4096MiB    primary  linux-swap(v1)
#     3      5121MiB   70657MiB   65536MiB   primary  ext4
#            70657MiB  476940MiB  406283MiB           Free Space

Missing mime-types in nginx

5/December/2019 nginx mime-types woff

To display Content-Type correctly, you need to add the following values to mime.types;
otherwise the default_type application/octet-stream; directive will be used.


Snippets mdadm

24/January/2019 mdadm raid

Setting minimum and maximum speeds for devices

# 70000 kilobytes/s ~ 68 Mb/s
echo "70000" > /proc/sys/dev/raid/speed_limit_min
echo "100000" > /proc/sys/dev/raid/speed_limit_max

sysctl analogue

dev.raid.speed_limit_min=70000
dev.raid.speed_limit_max=100000

Cheatsheet for debootstrap

12/August/2018 debootstrap chroot

Deploying the required system for quick debugging


Sometimes you need to quickly test something in a specific environment that is native to the application, such as Ubuntu.
And no, Docker is not the answer here, because you often need to be able to work with this environment as a normal system: edit configs, install packages, and so on.
Rebuilding Docker images or configuring something inside them is a very specific and strange pleasure.
KVM is not needed here, and LXC takes longer to set up and is more difficult to interact with.
So yes, the easiest way is debootstrap and good old chroot.

Let me note that this is not about isolation and security, but about a quick way to run trusted software in a specific environment.

amd64 xenial

mkdir /data/.box/amd64_xenial
/usr/sbin/debootstrap --verbose --include=nano,bash-completion,aptitude --arch amd64 xenial /data/.box/amd64_xenial http://archive.ubuntu.com/ubuntu/