Hello Stefan, hello Peter, hello Eric, hello *,
sorry for the late reply.
@Peter: Thank you for the "max-pending-packets" hint. Changing the value from 1024 (default) to 2048, 4096 and 8192 unfortunately did not made things better - OpenVPN throughput stays the same.
@Stefan: Thank you for building and packaging! I will install it on my testing machine and report back within the next days.
Since I was unable to reproduce the OpenVPN bandwidth issue on another (productive) system running on Core Update 134, I guessed Core 135 (https://blog.ipfire.org/post/ipfire-2-23-core-update-135-released) introduced that problem. This is wrong, I have updated the system meanwhile, performed a reboot, and everything stays the same.
@Eric: It is good to know that the DNS problem can be tracked down to a Netfilter bug. There are some iptables/Netfilter/... packages which we are not shipping the latest version, I will update them. Do you happen to have a bugtracker ID or link for that problem?
@All: Meanwhile, the domain "suricata-ids.org" was listed at URIBL (http://uribl.com/), so some mails got rejected at our mail server. I guess that was a false positive and removed hard reject action for URIBL. Anyway: Is anyone aware of a compromise or security issues at "suricata-ids.org"?
Thanks, and best regards, Peter Müller