Low speed with tcp proto

[woland255]

Good day to all.

I have OpenVPN 2.2.0 under Linux. I need to use tcp protocol, because I need to access my home server (this is Synology NAS if it needed) from my work, but I can only access it though http proxy.
If I test this scenario even from my _home_ network, file copy speed is 6-8 times slower than under udp protocol.
Is this normal? What can I do to improve performance with tcp?
My server config:
port 8080
proto tcp
dev tun
ca ca.crt
cert 192.168.1.110.crt
key 192.168.1.110.key
dh dh1024.pem
topology subnet
# local 192.168.3.110
server 192.168.2.0 255.255.255.0
push "route 192.168.3.0 255.255.255.0"
client-to-client
keepalive 20 180
comp-lzo
max-clients 10
# tun-mtu 1300
# mssfix
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
mute 20

Thank you.

[janjust]

there are a couple of things to try:

1) determine the optimal MTU value; this can be done by pinging the server using

Code: Select all

ping -M do -s <size> server

on linux or using

Code: Select all

ping -f -l <size> server

on Windows; vary <size> to find the optimal value; I'd start out with 1472 , as that is the default for ethernet networks.
If the MTU needs to be lowered then lower it on both ends

2) specify an 'mssfix' value e.g

Code: Select all

mssfix 1400

3) add

Code: Select all

tcp-nodelay

to the server config and restart the server.

If the connection is bad (i.e. packet loss > 10%) then openvpn over TCP will always be much slower than openvpn over UDP (due to the dreaded TCP-over-TCP handshake lockups).

[woland255]

Hi, Janjust

tcp-nodelay was real cure!
Thank you very much. I was really thinking that this option is used everywhere by default now.....

Now tcp speed is comparable (~10% slower) than udp speed.

And I have one more question. Without vpn file copy speed in local network is about 20MB/sec. With VPN established in this local net (no internet for test purpose) file copy speed is 1,5Mb/sec maximum. Is it normal?