[OpenWireless Tech] openvpn bandwith throttling?

Sat Dec 1 13:54:13 PST 2012

I echo Andy regarding the potential for MTU to be the problem.

In the test results you shared, your last test states "with MTU 1400".  How
did you set the MTU?  In OpenVPN, there are a number of parameters that
effect packet size, both within OpenVPN itself and through reporting to
applications using the TCP stack to construct traffic that will flow
through the connection.

See the manual regarding:
mtu-disc
mtu-test
link-mtu
tun-mtu
mssfix
fragment

This may spin a bit off-topic for this list if we get deep into the
subject, though perhaps it is of interest...Either way, OpenVPN support
channels/communities will likely have a greater concentration of experts.

Cheers,
Sean

On Sat, Dec 1, 2012 at 1:50 PM, Andy Green <andy at warmcat.com> wrote:

> Hi -
>
> Couple of ideas... it is sensitive to actual path mtu and doesn't seem to
> succeed to detect it on my setup anyway. For a while I used a 3g router for
> everything, this choked my personal openvpn server connection until I
> changed both sides to force mtu below 500. Larger udp packets would fail
> until they happened to be retried fragmented below the actual path mtu.
>
> Prior to that it could saturate a 100Mbps cable modem link. I don't think
> you suddenly have a 3g modem in your route ^^ just saying the mtu
> definitely can impact it.
>
> Second, how about setting up a temporary server yourself very close in
> routing terms, and seeing if the problem is gone? It could be explicit
> throttling at the server side, or that all the vpn users pass through a
> 100Mbps switch and top out etc.
>
> -Andy
>
> Huub Schuurmans <huubsch at xs4all.nl> wrote:
>>
>> We are evaluating the use of a vpn-tunnel from the AP-owner machine to a
>> (remote) server on the Internet. We found that the available bandwith
>> suffers badly from the use of OpenVPN.
>> Has anybody experienced this before? Can we tweek openvpn performance by
>> changing parameters. We are running FreeBSD9.0 and used the default
>> OpenVPN-paramaters.
>> Bandwith at the server is about 100 Mbps, the internetconnection at the
>> AP-owner runs at 25 Mbps but with the openvpn tunnel in place this
>> reduces to only 8 Mbps. Even without encryption and compression bandwith
>> is only aroun 10 Mbps.
>>
>> Kind regards,
>> Huub
>>
>>
>> Here are some technical details.
>>
>> Bandwith from the server to the internet:
>> %fetch -o /dev/null
>> http://ftp.de.freebsd.org/pub/FreeBSD/ls-lR.gz
>>  <http://ftp.de.freebsd.org/pub/FreeBSD/ls-lR.gz>
>> **
>> /dev/null 100% of 25 MB 13 MBps
>>
>> # AP-owner inet connection:
>> $ curl -o /dev/null  <http://ftp.de.freebsd.org/pub/FreeBSD/ls-lR.gz>http://ftp.de.freebsd.org/pub/FreeBSD/ls-lR.gz 100
>> 25.6M 100 25.6M 0 0 6564k 0 0:00:04 0:00:04 --:--:-- 6650k
>> $ curl -o /dev/null http://ftp.nl.freebsd.org/pub/FreeBSD/ls-lR.gz 100
>> 25.6M 100 25.6M 0 0 6739k 0 0:00:03 0:00:03 --:--:-- 6797k
>>
>> # From the AP
>> # fetch -o /dev/null http://ftp.de.freebsd.org/pub/FreeBSD/ls-lR.gz
>> /dev/null 100% of 25 MB 843 kBps
>> # fetch -o /dev/null http://ftp.nl.freebsd.org/pub/FreeBSD/ls-lR.gz
>> /dev/null 100% of 25 MB 993 kBps
>>
>> # Same, without encryption (only slightly higher)
>> # fetch -o /dev/null http://ftp.de.freebsd.org/pub/FreeBSD/ls-lR.gz
>> /dev/null 100% of 25 MB 1284 kBps
>>
>> # Same, without compression  (only slightly higher)
>> # fetch -o /dev/null http://ftp.de.freebsd.org/pub/FreeBSD/ls-lR.gz
>> /dev/null 100% of 25 MB 1335 kBps
>>
>> # Same with MTU 1400 (no effect)
>> # fetch -o /dev/null http://ftp.de.freebsd.org/pub/FreeBSD/ls-lR.gz
>> /dev/null 100% of 25 MB 1298 kBps
>>
>> ------------------------------
>>
>> Tech mailing list
>> Tech at srv1.openwireless.org
>> https://srv1.openwireless.org/mailman/listinfo/tech
>>
>>
> _______________________________________________
> Tech mailing list
> Tech at srv1.openwireless.org
> https://srv1.openwireless.org/mailman/listinfo/tech
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/tech/attachments/20121201/923460c7/attachment.html>