[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] HTTP over openvpn latency


  • Subject: Re: [Openvpn-users] HTTP over openvpn latency
  • From: Peter Barwich <pbarwich@xxxxxxxxxxx>
  • Date: Tue, 10 Jul 2007 15:35:40 +0100


Subject:
Re: [Openvpn-users] HTTP over openvpn latency
From:
"Dave Swegen" <dswegen@xxxxxxxxx>
Date:
Tue, 10 Jul 2007 13:13:03 +0100
To:
"Alexandros Papadopoulos" <apap@xxxxxx>
To:
"Alexandros Papadopoulos" <apap@xxxxxx>
CC:
openvpn-users@xxxxxxxxxxxxxxxxxxxxx



On 7/10/07, Alexandros Papadopoulos <apap@xxxxxx> wrote:
On Tuesday 10 July 2007 11:28, Dave Swegen wrote:
> I've run into a somewhat strange issue with the speed of HTTP traffic over
> an openvpn link between my laptop and the gateway running openvpn +
> tinyproxy.
>

WIFI link? Could this be an MTU issue? Can you check the network statistics
(retransmits etc) of your access point when using OpenVPN?


I should perhaps have mentioned I have also seen this over a wired link (albeit  via an HTTP proxy). I'll retry it on a normal wired link to see what happens.

Check out http://openvpn.net/faq.html (search for mssfix)


Thanks for the pointer.

Cheers
    Dave

Assuming you're running the tinyproxy on the server end of your ovpn link you could try using the "redirect-gateway def1"  (that's def one) directive in your client config instead. (Or push it from the server side in a file in your cfg directory). All packets heading for the internet from your client now go to your OVPN server.

Remember too that you're probably hard up against your upload limit at the proxy simultaneously with downloads which can cause problems. The simplest analysis says your maximum transmission rate is your worst UPload rate, since whichever way you're going your proxy is uploading, but in fact it's worse than this if you're hard up against an external bandwidth limit.because ack packets get strangled.

Also see http://sites.inka.de/sites/bigred/devel/tcp-tcp.html, which explains why TCP over TCP is a bad idea, though you say an ovpn tunnel using UDP gave you the same bad results

Finally try one of the speed test sites, rather than just opening a web page. Depending where you are http://cemp1.switch.ch/network/performance/web100/tcpbw100.html (which is in Bern Switzerland) or one of its affiliates gives some good info.