[Openvpn-users] double RTT times through VPN

  Subject: [Openvpn-users] double RTT times through VPN
  From: Alexandros Papadopoulos <apapadop@xxxxxxxxxxxxxx>
  Date: Fri, 21 Jan 2005 10:53:59 +0000 (UTC)

Dear all

I'm running some tests to check the performance of our VPN tunnels (all 
implemented with OpenVPN on Debian GNU/Linux machines). I'm using the 
routed mode (tun device) and pre-shared secret keys.

I tried downloading (repeatedly, various file sizes) stuff off our 
webserver, through its publicly accessible IP address. That gave me 
speed X. Then I downloaded the same stuff from the same host, but this 
time through the VPN, and the speed was the same or faster, depending 
on how compressible the data was (say, a bunch of zeroes transfers much 
faster than the theoretical bandwidth limit of my link).

So all's well in terms of bandwidth.

Then I ran some RTT (round trip time) tests to check that my latency was 
also fine. For the 3 out of 4 VPNs we implement, the latency is 
identical (average RTT of ~35ms).

But for the 4th tunnel, things were quite different:

Through the tunnel:
--- ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9088ms
rtt min/avg/max/mdev = 59.270/65.476/74.254/4.408 ms

Using the public IP address of the remote host:
--- <snip> ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9085ms
rtt min/avg/max/mdev = 27.950/31.337/35.034/2.522 ms

So, through that particular tunnel it takes on average 31ms without the 
tunnel, and 65ms through the tunnel (twice as much!) for a packet to 
travel to and fro.

These are the configuration options I use for all tunnels:

daemon VPN_<name>
dev tun
up ./<name>.up
secret <namee>.key
port 500?
user nobody
group nogroup
ping 15
ping-restart 45
verb 3

# openvpn --version
OpenVPN 2.0_beta19 i386-pc-linux [SSL] [LZO] [EPOLL] built on Dec  5 
Copyright (C) 2002-2004 James Yonan <jim@xxxxxxxxx>

I tried adding the options

tun-mtu 1500
fragment 1300

...without any improvement.

Any ideas?



