[GLLUG] Openvpn overhead?

Dave Lambley dave.lambley at gmail.com
Fri Apr 6 15:04:42 UTC 2018


On 6 April 2018 at 14:00, Tim Woodall via GLLUG <gllug at mailman.lug.org.uk>
wrote:

> On Thu, 5 Apr 2018, James Courtier-Dutton wrote:
>
> On 4 April 2018 at 19:58, Tim Woodall via GLLUG
>> <gllug at mailman.lug.org.uk> wrote:
>>
>>> Hi all,
>>>
>>> I have a wifi link between two (debian) firewalls that are in separate
>>> premises. I'd like to put a wired link in but that requires getting some
>>> permissions so it won't be quick (although it's simple to do)
>>>
>>> Over the wifi link I can scp data at at least 1MB/s which isn't great
>>> but it's not too bad. iwconfig says the connection is at 150Mb/s so in
>>> theory I should be able to do 10x that. (One end is an access point into
>>> a 100Mb ethernet link while the other end is a USB wifi dongle so I'm
>>> not expecting 15MB/s)
>>>
>>>
>> The problems you are likely to run into are the different link speeds.
>> Whenever data travels between links of different speeds, packets get lost.
>> Approximately, and 100Mbits/second Ethernet link can transfer data at
>> about 10Mbytes/second.
>> TCP does its best to backoff, and thus reduce packet loss to a minimum
>> but each time a packet is lost, a TCP transfer slows.
>>
>
> Many thanks for pointing out the obvious that I should have realised.
>
> Changing to using tcp for the VPN link has greatly improved things!
>
> I would have liked to use the shaper option but it appears that this is
> only available on the client - you can't use it in to ratelimit the
> server on the link (AFAICT).
>
> If I had lots of free time, I might try seeing if I could add some sort
> of FEC algorithm to openvpn. My guess (from no data) is that packet loss
> is bursty so, when packets are queuing (due to rate limiting which would
> also need to be implemented for the server end too) then an encoding
> similar to the CIRS code on CDs would be a place to start.
>
> When the channel is not busy, just duplicating packets would help with
> no added latency.
>
> But I don't have lots of free time (roll on retirement - I will be SO
> busy ;-) )
>
>
OpenVPN can use both TCP and UDP. It might be worth checking which one
you're using and trying the other.

Advertised wifi speeds are the theoretical maximum, which are you unlikely
to get anywhere near in real life for a variety of reasons. Unlike wired
Ethernet, I'd be pleasantly surprised to see even half the claimed rate.

Your access point may let you configure the channel bandwidth (10, 20,
40MHz), and the maximum bit rate. It may be worth reducing one or both to
see if that makes the link behave more consistently.

Dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20180406/292e70e8/attachment.html>


More information about the GLLUG mailing list