I am using OpenVPN from 2007 as tunnel to reach computers inside local network via Internet. It is working perfectly and stable via different types of connection (dial-up, mobile, satellite).
I know OpenVPN is making traffic compression, but before I never tried to make measurement of compression level.
Now I am trying to run VPN connection between vessel and office via slow satellite connection.
Goals are to make traffic compression as first step and second step is automatically change channel to 2G/3G/HotSpot network when they are available.
I run two FreeBSD servers (shore and vessel), made OpenVPN connection between them and run all vessel traffic via this tunnel. Everything is working fine. But when I made measurement of traffic compression - I was surprised – 25% of increasing, not reducing as I expected!!!!
I understand, that OpenVPN has overhead charges for tunneling (IP+UDP headers 28 bytes/packet), for encryption (cipher header), for "HMAC firewall" (hash header), for compression (1 byte), for VPN and other. But I hoped that final compression will have any positive result.
When I switched off encryption (cipher none) and "HMAC firewall" (auth none), result is a little better - “only” 15% of traffic increasing, but still negative result for me.
I suspected may be lzo compression is not working. I run ping with 1000 bytes data and received more then 5 times less traffic!!!. It is meaning for test traffic compression is working perfectly, but it is not effective for real life situation (I mean for my case).
I searched in internet about OpenVPN compression and found a lot of recommendation to use it for traffic compression, but no any mention about traffic increasing or real measurements.
At this point as results of running real vessel traffic via OpenVPN I have15% traffic increasing and delay increased from 600ms to 900ms.
My questions are:
1. Somebody tried to make measurements how effective OpenVPN lzo compression in real situation?
2. Which OpenVPN option can be additionally changed in purpose to reduce overhead charges and make compression with positive result or at least without traffic increasing?
Counters:
Code: Select all
ipfw show
#OpenVPN traffic
02000 564805 106098533 count ip from any to VPN_SERVER out via vlan1
02001 578006 183452650 count ip from VPN_SERVER to any in via vlan1
#Traffic before OpenVPN
02002 563232 86932433 count ip from any to any out via tun0
02003 576164 164297507 count ip from any to any in via tun0Code: Select all
local VPN_SERVER
port 1194
proto udp
dev tun
ca easy-rsa/keys/ca.crt
cert easy-rsa/keys/server.crt
key easy-rsa/keys/server.key
dh easy-rsa/keys/dh1024.pem
server 192.168.100.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.99.0 255.255.255.0"
client-config-dir ccd
route 192.168.101.0 255.255.255.0
client-to-client
keepalive 10 120
;tls-auth easy-rsa/keys/ta.key 0
auth none
cipher none
comp-lzo
max-clients 20
user nobody
group nobody
persist-key
persist-tun
verb 4
mute 20
.