EFW Support

Support => VPN Support => Topic started by: Johann32 on Thursday 23 September 2010, 07:20:28 pm


Title: OpenVPN: Performance (latency) problems with Endian 2.4C
Post by: Johann32 on Thursday 23 September 2010, 07:20:28 pm
Hi all,
we use OVPN in standard-configuration (except: connections via 443/tcp).
Unfortunately VPN connections using the Endian are unreliable (high latancy) and slow (attachment 1), even pinging the green interface of Endian.
I excluded most possible reasons by running openvpn with the config file of an Untangle box (attachment 2) from the endian command line. We have much better and more stable ping times using that (attachment 3).

I guess it is because of using TUN instead of TAP (tunneling instead of bridging).
unfortunately I am not able to reconfigure Endian to use TUN instead of TAP so we could proceed using the web interface for user management etc.

- Has someone general performance-tips (except: using UDP, that's not the reason, we have the same bad experience when using UDP)
- Is one of you able to rewrite the configuration of Endian (I think rewriting openvpn.conf.tmpl)? I didn't make it work with TUN :(


Many thanks, Johann





attachment 1:
>ping -t 192.168.12.1

Pinging 192.168.12.1 with 32 bytes of data:

Reply from 192.168.12.1: bytes=32 time=523ms TTL=128
Reply from 192.168.12.1: bytes=32 time=82ms TTL=128
Reply from 192.168.12.1: bytes=32 time=79ms TTL=128
Reply from 192.168.12.1: bytes=32 time=80ms TTL=128
Reply from 192.168.12.1: bytes=32 time=86ms TTL=128
Reply from 192.168.12.1: bytes=32 time=83ms TTL=128
Reply from 192.168.12.1: bytes=32 time=82ms TTL=128
Reply from 192.168.12.1: bytes=32 time=79ms TTL=128
Reply from 192.168.12.1: bytes=32 time=207ms TTL=128
Reply from 192.168.12.1: bytes=32 time=83ms TTL=128
Reply from 192.168.12.1: bytes=32 time=80ms TTL=128
Reply from 192.168.12.1: bytes=32 time=202ms TTL=128
Reply from 192.168.12.1: bytes=32 time=164ms TTL=128
Reply from 192.168.12.1: bytes=32 time=194ms TTL=128
Reply from 192.168.12.1: bytes=32 time=198ms TTL=128
Reply from 192.168.12.1: bytes=32 time=396ms TTL=128
Reply from 192.168.12.1: bytes=32 time=80ms TTL=128
Reply from 192.168.12.1: bytes=32 time=84ms TTL=128
Reply from 192.168.12.1: bytes=32 time=138ms TTL=128
Reply from 192.168.12.1: bytes=32 time=82ms TTL=128
Reply from 192.168.12.1: bytes=32 time=221ms TTL=128
Reply from 192.168.12.1: bytes=32 time=321ms TTL=128
Reply from 192.168.12.1: bytes=32 time=84ms TTL=128
Reply from 192.168.12.1: bytes=32 time=82ms TTL=128

Ping statistics for 192.168.12.1:
    Packets: Sent = 24, Received = 24, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 79ms, Maximum = 523ms, Average = 154ms


attachment 2:
#AUTOGENERATED BY UNTANGLE DO NOT MODIFY


# OpenVPN(v2.0) configuration script

mode server
ca   data/ca.crt
cert data/server.crt
key  data/server.key
dh   data/dh.pem
client-config-dir ccd
keepalive 10 120
cipher AES-128-CBC
user openvpn
group openvpn
ccd-exclusive
tls-server
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 1
mute 20
management 127.0.0.1 1195
proto tcp-server
port 443
dev tun0
ifconfig 172.16.0.1 172.16.0.2
push "route 172.16.0.1"
# Groups
route 172.16.0.0 255.255.255.0

# Exports
push "route 10.4.0.0 255.255.0.0"

max-clients 500




attachment 3:
>ping -t 172.16.0.1

Pinging 172.16.0.1 with 32 bytes of data:

Reply from 172.16.0.1: bytes=32 time=88ms TTL=64
Reply from 172.16.0.1: bytes=32 time=82ms TTL=64
Reply from 172.16.0.1: bytes=32 time=83ms TTL=64
Reply from 172.16.0.1: bytes=32 time=90ms TTL=64
Reply from 172.16.0.1: bytes=32 time=81ms TTL=64
Reply from 172.16.0.1: bytes=32 time=87ms TTL=64
Reply from 172.16.0.1: bytes=32 time=85ms TTL=64
Reply from 172.16.0.1: bytes=32 time=85ms TTL=64
Reply from 172.16.0.1: bytes=32 time=90ms TTL=64
Reply from 172.16.0.1: bytes=32 time=83ms TTL=64
Reply from 172.16.0.1: bytes=32 time=108ms TTL=64
Reply from 172.16.0.1: bytes=32 time=85ms TTL=64
Reply from 172.16.0.1: bytes=32 time=86ms TTL=64
Reply from 172.16.0.1: bytes=32 time=87ms TTL=64
Reply from 172.16.0.1: bytes=32 time=83ms TTL=64
Reply from 172.16.0.1: bytes=32 time=107ms TTL=64
Reply from 172.16.0.1: bytes=32 time=86ms TTL=64
Reply from 172.16.0.1: bytes=32 time=84ms TTL=64
Reply from 172.16.0.1: bytes=32 time=85ms TTL=64
Reply from 172.16.0.1: bytes=32 time=84ms TTL=64
Reply from 172.16.0.1: bytes=32 time=82ms TTL=64
Reply from 172.16.0.1: bytes=32 time=91ms TTL=64
Reply from 172.16.0.1: bytes=32 time=85ms TTL=64
Reply from 172.16.0.1: bytes=32 time=84ms TTL=64
Reply from 172.16.0.1: bytes=32 time=87ms TTL=64
Reply from 172.16.0.1: bytes=32 time=85ms TTL=64
Reply from 172.16.0.1: bytes=32 time=83ms TTL=64
Reply from 172.16.0.1: bytes=32 time=86ms TTL=64
Reply from 172.16.0.1: bytes=32 time=135ms TTL=64
Reply from 172.16.0.1: bytes=32 time=89ms TTL=64
Reply from 172.16.0.1: bytes=32 time=88ms TTL=64
Reply from 172.16.0.1: bytes=32 time=83ms TTL=64
Reply from 172.16.0.1: bytes=32 time=85ms TTL=64
Reply from 172.16.0.1: bytes=32 time=86ms TTL=64
Reply from 172.16.0.1: bytes=32 time=87ms TTL=64
Reply from 172.16.0.1: bytes=32 time=83ms TTL=64
Reply from 172.16.0.1: bytes=32 time=85ms TTL=64
Reply from 172.16.0.1: bytes=32 time=87ms TTL=64
Reply from 172.16.0.1: bytes=32 time=89ms TTL=64
Reply from 172.16.0.1: bytes=32 time=84ms TTL=64
Reply from 172.16.0.1: bytes=32 time=80ms TTL=64
Reply from 172.16.0.1: bytes=32 time=82ms TTL=64
Reply from 172.16.0.1: bytes=32 time=88ms TTL=64
Reply from 172.16.0.1: bytes=32 time=85ms TTL=64

Ping statistics for 172.16.0.1:
    Packets: Sent = 44, Received = 44, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 80ms, Maximum = 235ms, Average = 89ms


Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media