LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Tweaking the spedd of OpenVPN, help needed. (https://www.linuxquestions.org/questions/linux-networking-3/tweaking-the-spedd-of-openvpn-help-needed-777110/)

Alexander.s 12-20-2009 06:04 PM
Tweaking the spedd of OpenVPN, help needed.
 
Hi! [edit: speed isn't spelled spedd :/ ]

I have an issue where some employees with an assymetric connection, are complaining about horrible speeds using the OpenVPN I've set up.

Now everything is working fine for me as a OpenVPN-client and I'm on a 100/100Mbps fiber connection, the employees are all on 30/10Mbps DSL connections. The OpenVPN-server is on a 50/20Mbps DSL connection.
(100/100 would mean 100Mbps downstream and 100Mbps upstream)

I've read some about OpenVPN being slow with assymetric connections, and I'm trying to find a way to improve our situation.

This post; http://openvpn.net/archive/openvpn-d.../msg00001.html
talks about the differences between a tcp and udp based OpenVPN. His conclusion is that tcp is faster, and I'm wondering what your experiences are.

As of today I have a very generic setup.
Server config:
Code:
up "process -p OpenVPN.exe High"
local 10.10.10.6
port 1194
proto udp
dev tap
dev-node OpenVPN
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 10.10.10.150 255.255.255.0 10.10.10.151 10.10.10.200
push "dhcp-option DNS 10.10.10.6"
push "dhcp-option WINS 10.10.10.6"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
And my client config:
Code:
client
dev tap
dev-node OpenVPN
proto udp
remote remote-domain 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
verb 3
Thank you!

scheidel21 12-21-2009 08:26 AM
Not familiar with this issue, but it is possible that you are dropping a lot of UDP packets which could cause horrible performance, you could try TCP then you would have guaranteed delivery. This would ensure that all data is getting passed through and reassembled in the right order. UDP has no guarantee and is a best effort only. See if changing that makes any difference in the set up, maybe setup a second openVPN server running on a different port using TCP and change the clients that are having problems to the new setup and see if anything changes.


All times are GMT -5. The time now is 11:05 AM.