[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] Settings for TCP tunnel over a lossy link?

  • Subject: [Openvpn-users] Settings for TCP tunnel over a lossy link?
  • From: "Merit Wilkinson" <meritw@xxxxxxxxx>
  • Date: Wed, 29 Aug 2007 18:45:40 -0400

Hello All,
I am running an OpenVPN tunnel from the US to Asia (with a dsl modem
on the far end, to boot).  I get relatively reasonable latencies
(300-600 ms) but pretty high packet loss (as much as 20%).  Due to a
corporate firewall that I have no control over I have to use a TCP
tunnel.  The server is a Windows 2003 machine, clients are XP.

Overall performance is pretty poor.  I can connect and maintain the
connection fine, and things like FTP transfers are usually OK but
trying to log in to a windows machine with terminal services for
example is extremely difficult.

After reading through the lists here I tried "mssfix 1200", that
didn't seem to make much difference.  I've seen it suggested to use
tun instead of tap in cases like this, I haven't tried it because I
don't have a good way of setting up return routes on the remote
network to the VPN machine.

Here is my server config:
proto tcp
dev tap
dev-node tap0
mssfix 1200
ca "keys\\ca.crt"
cert "keys\\server.crt"
key "keys\\server.key"
dh "keys\\dh2048.pem"
ifconfig-pool-persist ipp.txt
keepalive 10 120
cipher BF-CBC
max-clients 10
status openvpn-status.log
verb 4
And client:
dev tap
proto tcp
remote myvpn.dynalias.com
resolv-retry infinite
ns-cert-type server
verb 3
mssfix 1200

Any suggestions to improve performance?
OpenVPN mailing lists