LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   ssh over OpenVPN network: compression questions (https://www.linuxquestions.org/questions/linux-server-73/ssh-over-openvpn-network-compression-questions-4175455454/)

catkin 03-25-2013 01:32 AM
ssh over OpenVPN network: compression questions
 
A doubt ...

When running ssh over an OpenVPN network does it make sense to compress both?

The OpenVPN network carries several types of traffic, not just ssh, so presumably its best to have OpenVPN configured for compression in case the upper level packets are not compressed.

ssh packets' payloads are encrypted so are random so cannot be compressed. Presumably ssh compresses raw data and so reduces the amount of encrypted data to be transmitted. The same reasoning would apply to any encrypted data.

If my understanding is correct, it would follow that both OpenVPN and ssh should be set to compress to minimise the size of what is sent over the wire.

Pearlseattle 03-25-2013 04:41 PM
Interesting! I would agree with you.
OpenVPN trying to recompress the ssh-packets would be an overhead as you stated, but maybe the compression performed by ssh would give overall more benefits than the overhead.

But as usual, there are a lot of variables involved: maybe when OpenVPN tries to re-compress the ssh-traffic the ssh-packets grow in size a lot (similar to zipping a zip-file), or the HW of your source/target server (used to compress/uncompress the traffic) is just too slow compared to the bandwidth you have, or the type of traffic handled by your ssh is not ideal (e.g. from what I saw now ssh does not achieve the same compression ratio for both single chars and strings), or the network you use has a high latency, etc... .

So, probably the only way to be sure about it would be to test a real-world scenario... .

Cheers

Turbocapitalist 03-26-2013 04:18 AM
A test may be the best way to find out. ssh can be set to compress data using -C, but even the man page warns that on fast networks that may actually slow things down.

catkin 03-27-2013 01:28 AM
Thanks Pearlseattle and Turbocapitalist :)

I had hoped that a Gedankenexperiment would be enough and a practical test could be avoided!

If I find time to test I will update this thread. Meanwhile I will compress both because our end-to-end OpenVPN network is not fast and increasing the size of small packets (say a single character typed during an interactive ssh logon) would not be a problem.

Pearlseattle 03-30-2013 02:39 PM
Addendum:
btw, no clue about openvpn (never used it), but at least with ssh if you're using (especially on the side which performs the compression) a recent intel cpu, then you can tell ssh to use one of the algorithms that use the hw-acceleration of your cpu. Did some tests a few months ago and my transfer rate doubled (if i can remember correctly).
will check during the next days what was the exact option i used (as usual I thought "I'll write it down", but of course I didn't).


All times are GMT -5. The time now is 07:34 PM.