OpenVPN Slow

ryanarp

Chuck said: Does it support lowendspirit IPv4 NAT?

Honestly I have not tried it. I might have to add that to my todo list. I can't see why not though.

J1021

I think I have resolved my problem. The solution, running it on port 1194. I had previously been using port 443 and 80, assuming these would help me on more restrictive networks.

Will need a few days before I can be sure though.

Nyr

Silvenga said: Not exactly, OpenVPN has a fingerprint of a OpenVPN tunnel. It looks like a UDP/TCP connection exchanging private keys. sc754 was refering to using a HTTP SSL tunnel - which looks like HTTPS.

Some ISP will block or shape OpenVPN traffic because it looks like OpenVPN traffic (many people use it to bypass ISP shaping). We get around that by making the traffic look like web browsing traffic (I believe Netflix also uses HTTPS, etc.)

I do know, but he just said "Put your openvpn connection through an SSL tunnel". Well, OpenVPN was already a SSL tunnel.

Silvenga

Nyr said: I do know, but he just said "Put your openvpn connection through an SSL tunnel". Well, OpenVPN was already a SSL tunnel.

Well technically SSL was created to encrypt HTTP text based traffic. I believe OpenVPN was created after TLS was created, and SSL discouraged. :P

I always felt that we can use the wording TLS for any type of encrypted traffic that uses handshakes to securely pass symmetric keys. SSL on the other hand was created for HTTPS. Although people still use TLS and SSL as synonyms.

ValdikSS

@kcaj

• Disable LZO
• Enable fast-io
• Increase interface queue up to 1000 (txqueuelen 1000)

If nothing happens, set link-mtu on both server and client config to your internet interface MTU (1500, for example). This will set MTU on tun device so OpenVPN won't internally fragment packets.

For TCP do all the above and add the following:

tcp-nodelay

ValdikSS

Softether is fine, but it's missing a lot of advanced settings. You can't tune almost anything in IPSec, for example.