OpenVPN + Remote Desktop speed

Posted: Mon Mar 21, 2011 6:02 pm
by hadeor
Hi,
I have set up an openvpn bridge for a roadwarrior to access a pc with remote desktop over vpn. First, since I had a bad experience with udp, I started with a tcp connection - terrible speed. Since everybody says ofc, it is tcp over tcp == bad, I changed to udp, but while the speed remained bad, it disconnects regularly. Tried to change the MTU, lowered it even to 1300, but no change. mtu-test comes up with the 1572 (!) result; fragment and mssfix do nothing.
Forgot to mention, without vpn the remote desktop speed is, if not excellent, almost totally smooth.
Any comment would be appreciated.

Cheers,
Hadeor

Re: OpenVPN + Remote Desktop speed

Posted: Tue Mar 22, 2011 7:55 am
by maikcat
hi there,

if you ping the server,

what response times do you have 1) pinging the rdp server inside the vpn 2) pinging your router without the vpn?

cheers,

michael.

Re: OpenVPN + Remote Desktop speed

Posted: Tue Mar 22, 2011 10:38 am
by janjust
you state that you have set up an openvpn bridge - did you use bridging? can you try it without bridging? Bridging has quite an impact on performance. Also, post your server and client config files so that we can have a better understanding of what you're doing ;-)

Re: OpenVPN + Remote Desktop speed

Posted: Tue Mar 22, 2011 2:23 pm
by hadeor
maikcat:
pinging rdp server over vpn
Minimum = 24ms, Maximum = 27ms, Average = 25ms
pinging router without vpn
Minimum = 22ms, Maximum = 25ms, Average = 23ms

janjust:
yes, I did bridging. I know there is SOME impact, but I think there must be some other explanation... after all it is only one user atm, with one rdp

server is an ubuntu 10.04 lts running on vmware (on windows server 2008 r2, on nice server hw), openvpn:
[strike]OpenVPN 2.1.0 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
I just realized it is a rather old openvpn, didn't think apt would use this... will update it later and test again[/strike]
OpenVPN 2.2-RC x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Mar 22 2011
updating from 2.1.0 to 2.2-RC did not bring any change

server config - currently with tcp since it is stable and the http/ssh/ftp is doing fine

Code:

mode server
dev tap0
port 1194
proto tcp-server
#proto udp
#fast-io
tls-server
dh /etc/openvpn/ssl/dh2048.pem
cert /etc/openvpn/ssl/vpnserver.crt
key /etc/openvpn/ssl/vpnserver.key
ca /etc/openvpn/ssl/dl-ca.crt
reneg-sec 216000

server-bridge
keepalive 5 60
comp-lzo
user nobody
group nogroup

persist-key
persist-tun

status /var/log/openvpn/xxx-status 1
log /var/log/openvpn/xxx.log

verb 1
mute 10

#tun-mtu 1500
#tun-mtu-extra 32
#max-clients 253

script-security 3
tmp-dir "/etc/openvpn/temp"

#tcp-queue-limit 128
#txqueuelen 200
#tcp-nodelay

inactive 600

#tun-mtu 1400
#fragment 1300
#mssfix
#mtu-test

client config

Code:

client
dev tap
proto tcp-client
#proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
comp-lzo
persist-key
persist-tun
verb 3
mute 10
pull
ns-cert-type server
cert kosztyua.crt
key kosztyua.key
ca dl-ca.crt
tls-client
reneg-sec 0
#mtu-test

bridge

Code:

#!/bin/bash
openvpn --mktun --dev tap0
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
ifconfig eth0 0.0.0.0 promisc up
dhclient br0

Re: OpenVPN + Remote Desktop speed

Posted: Tue Mar 22, 2011 2:43 pm
by janjust
Bridging can easily destroy half your performance without a single user, so think carefully if you really need this.
As for your setup: if you must use 'proto tcp' then also enable 'tcp-nodelay' as this tends to have an impact on performance as well.

If all you're interested in is RDP via a VPN link then stop using bridging; you could even stop using OpenVPN and switch to simple SSH port-forwarding.
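
Added example, not part of the thread and not OpenVPN's own tooling: a small Python check that reads an OpenVPN config and reports the settings discussed here (TCP transport, tcp-nodelay not enabled, bridged tap device), plus two security-relevant values in the posted server config (script-security 3 and reneg-sec 216000). The sample input is constructed from the config posted earlier in the thread; the function names `parse` and `audit` are this example's own.

```python
import shlex

# Constructed sample: the active security/performance-relevant lines of the
# server config posted earlier in the thread (paths and logging omitted).
SAMPLE_SERVER = """\
mode server
dev tap0
proto tcp-server
#proto udp
reneg-sec 216000
server-bridge
comp-lzo
script-security 3
#tcp-nodelay
"""

def parse(text):
    """Map each active directive to its argument list; '#' and ';' lines are comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = shlex.split(line)
        opts[name] = args
    return opts

def audit(text):
    """Return (directive, note) findings for the points raised in this thread."""
    o = parse(text)
    out = []
    proto = o.get("proto", ["udp"])[0]  # OpenVPN uses UDP when proto is absent
    if proto.startswith("tcp"):
        out.append(("proto", "TCP transport: RDP's TCP runs inside a second TCP stream"))
        if "tcp-nodelay" not in o:
            out.append(("tcp-nodelay", "not enabled although proto is TCP"))
    if o.get("dev", [""])[0].startswith("tap") or "server-bridge" in o:
        out.append(("dev", "bridged tap device; a routed tun device is enough for RDP alone"))
    if int(o.get("script-security", ["1"])[0]) >= 3:
        out.append(("script-security", "level 3 lets passwords reach scripts via environment variables"))
    reneg = int(o.get("reneg-sec", ["3600"])[0])  # 3600 s is the OpenVPN default
    if reneg == 0 or reneg > 3600:
        out.append(("reneg-sec", "data-channel key renegotiation disabled or rarer than the default hour"))
    return out

if __name__ == "__main__":
    for directive, note in audit(SAMPLE_SERVER):
        print(f"{directive}: {note}")
```

Run against the posted client config, the same check would also report `reneg-sec 0`, which turns off client-initiated key renegotiation.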

Re: OpenVPN + Remote Desktop speed

Posted: Tue Mar 22, 2011 3:28 pm
by hadeor
No luck with changing from bridge to route, speed remains. I actually removed tcp-nodelay in hope of speeding up a bit (afaik it gives fast responses at the expense of efficiency), putting back gave no change.

Unfortunately SSH is not an option, management needs an easy solution.

I will try setting up openvpn on windows server now, outside of vmware (although it can't remain like that, only for testing)
UPDATE windows+openvpn server bad idea it seems, bad parameter --mode server :P

UPDATE2 SSH tunnel is nice, speed much better than openvpn but slower than pure rdp.

Re: OpenVPN + Remote Desktop speed

Posted: Tue Mar 22, 2011 4:34 pm
by hadeor
Btw I do not necessarily want to stick with tcp, but I simply did not find a stable udp setup :/