[prev in list] [next in list] [prev in thread] [next in thread]
List: openvpn-users
Subject: Re: [Openvpn-users] http-encapsulation
From: Jan Just Keijser <janjust () nikhef ! nl>
Date: 2020-02-17 13:41:57
Message-ID: 7a9617d4-3155-edf7-adc5-4c37368bb270 () nikhef ! nl
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi Hans,
On 13/02/20 10:15, Hans via Openvpn-users wrote:
>
> Hi all,
>
> Is there anyone around here, that performed a measurement what the
> impact is of doing http-encapsusation (http-proxy) with openvpn?
>
> My case:
>
> - Client & servers are on a (huge) LAN
>
> - client is 2.4.6, servers are 2.4.7
>
> - Setting up a vpn connection with UDP, doing a ping toward machine
> behind the server, I get a latency of 10-20mS
>
> - Setting up a vpn connection with TCP and http-proxy, doing a ping
> toward machine behind the server, I get a latency of 200-340mS
>
> I cannot imagine that the process of encapsulation and peeling out by
> the reversed proxy requires the same amount of time (extra 200++ mS)
> that is equivalent of a transatlantic round trip.
>
> The reversed proxy, and the network around it are both beyond my control.
>
>
FWIW: I have just tested this myself, using OpenVPN 2.4.8 and apache
mod_proxy, with no additional configuration or tuning other than
"--http-proxy A.B.C.D 80 " : the latency did *not* go up when testing
this from my home address to the server's address. In a high speed LAN
environment the latency went from sub millisecond level to ~2 ms .
You can try playing with --tcp-nodelay on the server to see if that
helps. Also, I assume that your ping latency tests were using *SMALL*
packets - if not, then tuning the tun-mtu size might help
HTH,
JJK
[Attachment #5 (text/html)]
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi Hans,<br>
<br>
<br>
On 13/02/20 10:15, Hans via Openvpn-users wrote:<br>
</div>
<blockquote type="cite"
cite="mid:2y4t25gsrv-1@0151ims403.msg.iegi.nl">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Verdana","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana","sans-serif"">Hi
all,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana","sans-serif""
lang="EN-US">Is there anyone around here, that performed a
measurement what the impact is of doing http-encapsusation
(http-proxy) with openvpn?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana","sans-serif""
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana","sans-serif""
lang="EN-US">My case:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana","sans-serif""
lang="EN-US">- Client & servers are on a (huge) LAN<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana","sans-serif""
lang="EN-US">- client is 2.4.6, servers are 2.4.7<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana","sans-serif""
lang="EN-US">- Setting up a vpn connection with UDP, doing a
ping toward machine behind the server, I get a latency of
10-20mS<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana","sans-serif""
lang="EN-US">- Setting up a vpn connection with TCP and
http-proxy, doing a ping toward machine behind the server, I
get a latency of 200-340mS<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana","sans-serif""
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana","sans-serif""
lang="EN-US">I cannot imagine that the process of
encapsulation and peeling out by the reversed proxy requires
the same amount of time (extra 200++ mS) that is equivalent
of a transatlantic round trip.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana","sans-serif""
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana","sans-serif""
lang="EN-US">The reversed proxy, and the network around it
are both beyond my control.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana","sans-serif""
lang="EN-US"><o:p> </o:p></span></p>
<br>
</div>
</blockquote>
FWIW: I have just tested this myself, using OpenVPN 2.4.8 and apache
mod_proxy, with no additional configuration or tuning other than
"--http-proxy A.B.C.D 80 " : the latency did *not* go up when
testing this from my home address to the server's address. In a high
speed LAN environment the latency went from sub millisecond level
to ~2 ms . <br>
<br>
You can try playing with --tcp-nodelay on the server to see if that
helps. Also, I assume that your ping latency tests were using
*SMALL* packets - if not, then tuning the tun-mtu size might help <br>
<br>
HTH,<br>
<br>
JJK<br>
<br>
</body>
</html>
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic