Re: [Openvpn-users] HTTP over openvpn latency

  • Subject: Re: [Openvpn-users] HTTP over openvpn latency
  • From: Peter Barwich <pbarwich@xxxxxxxxxxx>
  • Date: Tue, 10 Jul 2007 15:35:40 +0100

Re: [Openvpn-users] HTTP over openvpn latency
"Dave Swegen" <dswegen@xxxxxxxxx>
Tue, 10 Jul 2007 13:13:03 +0100
"Alexandros Papadopoulos" <apap@xxxxxx>
"Alexandros Papadopoulos" <apap@xxxxxx>

On 7/10/07, Alexandros Papadopoulos <apap@xxxxxx> wrote:
On Tuesday 10 July 2007 11:28, Dave Swegen wrote:
> I've run into a somewhat strange issue with the speed of HTTP traffic over
> an openvpn link between my laptop and the gateway running openvpn +
> tinyproxy.

WIFI link? Could this be an MTU issue? Can you check the network statistics
(retransmits etc) of your access point when using OpenVPN?

I should perhaps have mentioned I have also seen this over a wired link (albeit  via an HTTP proxy). I'll retry it on a normal wired link to see what happens.

Check out http://openvpn.net/faq.html (search for mssfix)

Thanks for the pointer.


Assuming you're running the tinyproxy on the server end of your ovpn link you could try using the "redirect-gateway def1"  (that's def one) directive in your client config instead. (Or push it from the server side in a file in your cfg directory). All packets heading for the internet from your client now go to your OVPN server.

Remember too that you're probably hard up against your upload limit at the proxy simultaneously with downloads which can cause problems. The simplest analysis says your maximum transmission rate is your worst UPload rate, since whichever way you're going your proxy is uploading, but in fact it's worse than this if you're hard up against an external bandwidth limit.because ack packets get strangled.

Also see http://sites.inka.de/sites/bigred/devel/tcp-tcp.html, which explains why TCP over TCP is a bad idea, though you say an ovpn tunnel using UDP gave you the same bad results

Finally try one of the speed test sites, rather than just opening a web page. Depending where you are http://cemp1.switch.ch/network/performance/web100/tcpbw100.html (which is in Bern Switzerland) or one of its affiliates gives some good info.