[Openvpn-users] LJ's "cons" of OpenVPN: how serious is latency?

  • Subject: [Openvpn-users] LJ's "cons" of OpenVPN: how serious is latency?
  • From: "J. Perkins" <jsperkins@xxxxxxxxx>
  • Date: Tue, 21 Dec 2004 13:48:18 -0800 (PST)

I was interested to see the LinuxJournal's "Meet OpenVPN" article:

The author lists a few "cons" of the program, including:
" - The OpenVPN process is executed in userland and, thus, is
relatively slow. TUN/TAP devices combine together with a
userland-process to create a setup in which traffic has to cross
userland/kernel borders relatively often. This setup might create
rather high latency on connections.

- A packet overhead is present because IP/Ethernet is encapsulated in
SSL and SSL in UDP/TCP."

I'm just wondering how important these considerations are in practice.
I realize that there are no doubt many factors which contribute, so let
me just give an example. I'm looking to set up a very small VPN with
1-3 (sporadic) "road warriors." Probably some remote desktop, but the
most common activity will be SMB browsing.

All pretty lightweight, but the trick is much of the traffic will be
trans-Pacific (Oz/Canada). So my priority is perceived latency. When
somebody says OpenVPN is "relatively slow", is that "slow" in an
academic, computer-science inefficient inter-process communication sort
of way, or slow in a my-users-will-complain sort of way? (And what
"fast" VPN method are we comparing this to, anyway? IPSec?)

Judging by the raves OpenVPN gets on this list for both performance and
reliability, I wonder how big a deal this is. I considered the LJ
writer might be overstating the case; I note he even takes the time to
repeat it in the last sentence: "If OpenVPN has a disadvantage, it
might be latency. However, no real-life data exists yet to back up that
claim." (No "real-life data"? So fake data exists?)

In a related note, would there be any benefit to using a WRAP w/a VPN
Mini-PCI card for crypto help? Again, I'm going to be limited in
throughput by the cable connections, so latency is my only concern.

Thanks --


