[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] ssl vpn packet structure


  • Subject: Re: [Openvpn-users] ssl vpn packet structure
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Thu, 20 Jan 2005 10:23:11 -0700 (MST)

On Thu, 20 Jan 2005, Mathias Sundman wrote:

> On Thu, 20 Jan 2005, Jordi Meya wrote:
> 
> > Hi list!
> > I want to use OpenVPN for a Lab, and I'd like to know which is the overhead 
> > that the SSL-VPN layer represents (I want to analyse the impact on the 
> > network performance when using VPN's). I have been scrolling though the 
> > RFC2246 and "googleing" but I can't find this information. Could any of you 
> > point me to a good resource?
> 
> Google this list archive :-)
> 
> In this post James wrote:
> 
> http://article.gmane.org/gmane.network.openvpn.user/6583/match=protocol+overhead
> 
> > It varies depending on options.  With a TUN-style tunnel over UDP using
> > the default TLS options, the per-packet overhead is:
> > 
> > 41 bytes security layer overhead (includes packet tag (1), HMAC-SHA1
> > signature (20), initialization vector (16), sequence number (4))
> > 
> > 28 bytes tunneling overhead (includes IP + UDP header)
> > 
> > Total: 69 bytes per packet
> > 
> > If your data stream is compressible, you can potentially gain back all 
> > of this overhead.
> 
> 
> If you're interested in the details of the protocol, have a look at the 
> comments in ssl.h in the openvpn source.

Also see:

http://openvpn.net/security.html

which is a general discussion on the OpenVPN security model, but also 
includes the ssl.h comments.

James




____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users