I use OpenVPN in a road-warrior setup over often slow and unreliable wireless connections. That on it’s own makes using interactive applications pretty hard.
But if you’re now additionally running OpenVPN in TCP mode over these links things get worse. The reason is, that TCP uses some kind of a three-way handshake to make sure all packets arrive in time and re-transmits those packets that don’t. With OpenVPN over TCP you now have your application’s TCP session encapsulated in your VPN”s TCP session, doubling your ACKs and re-transmissions (if needed).
Now I switched to UDP on the VPN’s session and if the link starts to loose packets, the VPN will too, but the application’s TCP session will make sure those packets are being re-transmitted. All in all everything feels much faster – at least for a crappy 3G connection.
See this link for a more detailed explanation.
This article has one Comment
2012/05/03
We run a small vpn provider free ads http://www.vpnpop.com been playing with openvpn for awhile now and I have some numbers. With proper HTB class based shaping UDP is over 3x faster on a generic speedtest.net. You basicly nailed it; you can improve TCP to some extent by forcing MTU’s and few other directives. Let us know if you need servers to test! also lzo seems to be bad on lossy links. Running TCP_Westwood on the clusters helps with that alot.
tcp-queue-limit 128
tun-mtu 1500
mssfix 1300
tun-mtu-extra 32
txqueuelen 15000