Re: [Openvpn-users] Openvpn slow on asymmetric connections

[George Thompson <georgegpn@xxxxxxxxxxxxx>]

AES256 is an encryption algorithm I like to use.  I use it for my disk encryption with PGP.  Ive read about it and its very strong.  Even thou blowfish is strong as well, I don't completely trust it, and 3des is out of the question;  that algorithm is just way to slow.  On a LAN connection I get about 96 mbits/s with AES256, with lots of cpu time to spare.  I checked my traffic.  Between the server and client (out of the tunnel),  my latency is average is 26 ms.  In the tunnel my latency average is 32ms.  There is no packet loss in or out of the tunnel.  I tried playing with the buffers by increasing them, but it did not improve anything.  By the way, I did disable the encryption and lzo-comp to try and diagnose the problem.  Even with those disabled the speed is still the same. The download for this thing really does seem limited by the upload.  Verizon temporarily increased my upload to 5mbits/s so I can see if that was it.  When they did this my download on Openvpn  went up to about 4.6mbit/s.  This is kind of strange there is nothing much using my upstream but Openvpn seems to sync the connection to the slowest of the two.  I even ran tcpdump to confirm that nothing but tunnel data was using my upstream. When I do download my average upstream usage is about 92kbit/s.  Not even close to the 2mbits I have.  The only thing that is uploading is the ack packets (in tunnel).  The compression is adaptive, so if I am sending anything that cannot be compressed it should cut off.  I have it because it helps when I am web browsing.  It compression is disabled for now.

Thanks.
MarleyGPN



-----Original Message-----
>From: Jon Bendtsen <jon.bendtsen@xxxxxxxxxx>
>Sent: Jan 3, 2006 6:48 AM
>To: OpenVPN Users <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
>Subject: Re: [Openvpn-users] Openvpn slow on asymmetric connections
>
>Den tirsdag 3.jan kl. 12:36 skrev George Thompson:
>
>> My upsteam bandwidth is avaliable. There is nothing else using it up
>
>Okay
>
>
>> This is the config for my openvpn server and client
>>
>> My server config:
>>
>> mode server
>> local <Server's public ip here>
>> port 443
>> proto udp
>> dev tap2
>> ca ./keys/ca.crt
>> cert ./keys/Kizaki2-vpn.crt
>> key ./keys/Kizaki2-vpn.key
>> dh ./keys/dh2048.pem
>> --client-config-dir ./config
>> server-bridge 10.216.228.201 255.255.255.0 10.216.228.50 10.216.228.59
>> client-to-client
>> push "keepalive 15 120"
>> tls-auth ./keys/ta.key 0
>> cipher aes-256-cbc
>
>Why do you force it to this cihper?
>
>
>> max-clients 10
>> persist-key
>> persist-tun
>> status openvpn-status.log
>> log openvpn.log
>> verb 3
>> mute 20
>> comp-lzo
>
>Can the data be compressed?
>
>
>> crl-verify ./keys/crl.pem
>>
>> My client's config-dir file on server:
>>
>> --ifconfig-push 10.216.228.217 255.255.255.0
>> 10.216.228.201
>> push "redirect-gateway"
>
>You now send every traffic across the tunnel. This might steal some  
>of your
>bandwidth.
>
>
>Check for packet loss, and slow packets. I would do this using smokeping
>both outside the tunnel and inside the tunnel
>
>
>
>
>JonB
>
>
>-------------------------------------------------------
>This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
>for problems?  Stop!  Download the new AJAX search engine that makes
>searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
>http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
>_______________________________________________
>Openvpn-users mailing list
>Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>https://lists.sourceforge.net/lists/listinfo/openvpn-users



____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users