[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] double RTT times through VPN


  • Subject: [Openvpn-users] double RTT times through VPN
  • From: Alexandros Papadopoulos <apapadop@xxxxxxxxxxxxxx>
  • Date: Fri, 21 Jan 2005 10:53:59 +0000 (UTC)

Dear all

I'm running some tests to check the performance of our VPN tunnels (all 
implemented with OpenVPN on Debian GNU/Linux machines). I'm using the 
routed mode (tun device) and pre-shared secret keys.

I tried downloading (repeatedly, various file sizes) stuff off our 
webserver, through its publicly accessible IP address. That gave me 
speed X. Then I downloaded the same stuff from the same host, but this 
time through the VPN, and the speed was the same or faster, depending 
on how compressible the data was (say, a bunch of zeroes transfers much 
faster than the theoretical bandwidth limit of my link).

So all's well in terms of bandwidth.

Then I ran some RTT (round trip time) tests to check that my latency was 
also fine. For the 3 out of 4 VPNs we implement, the latency is 
identical (average RTT of ~35ms).

But for the 4th tunnel, things were quite different:

Through the tunnel:
--- 192.168.3.1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9088ms
rtt min/avg/max/mdev = 59.270/65.476/74.254/4.408 ms

Using the public IP address of the remote host:
--- <snip> ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9085ms
rtt min/avg/max/mdev = 27.950/31.337/35.034/2.522 ms

So, through that particular tunnel it takes on average 31ms without the 
tunnel, and 65ms through the tunnel (twice as much!) for a packet to 
travel to and fro.

These are the configuration options I use for all tunnels:

daemon VPN_<name>
dev tun
ifconfig 10.3.0.1 10.3.0.2
up ./<name>.up
secret <namee>.key
port 500?
user nobody
group nogroup
comp-lzo
ping 15
ping-restart 45
persist-tun
persist-key
verb 3

# openvpn --version
OpenVPN 2.0_beta19 i386-pc-linux [SSL] [LZO] [EPOLL] built on Dec  5 
2004
Copyright (C) 2002-2004 James Yonan <jim@xxxxxxxxx>

I tried adding the options

tun-mtu 1500
fragment 1300
mssfix

...without any improvement.

Any ideas?

Thanks

-A


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users