View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions Proxy 10-50 times faster than OpenVPN?
Log in to Ask a Question

Proxy 10-50 times faster than OpenVPN?

networking

So, currently I have a UK Linode that I use to watch iPlayer, etc. To do so, I initially set up an OpenVPN VPN. However, after connecting to the VPN on my home PC, I noticed the speed was ridiculously inconsistent. It would sometimes get 3mb/s, but seconds later go down to 200kb/s. This is based on speed tests via http://www.speedtest.net.

I thought this was just normal due to the distance between where I live and the UK, but then I decided to try to install a proxy and use that instead. Using Polipo I consistently get 6mb/s. That's GREAT.

I'd LIKE to use a VPN (for easier sshfs among other things), but could people help me get it working at the same, or nearly the same, speed as the proxy?

/etc/openvpn/server.conf

port 46000
proto udp
dev tun

ca /etc/openvpn/ca.crt
cert /etc/openvpn/omfg.crt
key /etc/openvpn/omfg.key
dh /etc/openvpn/dh2048.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"

keepalive 10 120
comp-lzo

user vpnuser
group vpnuser

persist-key
persist-tun

status openvpn-status.log
verb 3

client.ovpn

client
dev tun
proto udp

remote mylinode.com 46000
resolv-retry infinite
nobind

persist-key
persist-tun

ca C:\\Users\\me\\Documents\\OpenVPN\\ca.crt
cert C:\\Users\\me\\Documents\\OpenVPN\\omfghome.crt
key C:\\Users\\me\\Documents\\OpenVPN\\omfghome.key

ns-cert-type server
comp-lzo

verb 3

/etc/polipo/config

allowedPorts = 1-65535
tunnelAllowedPorts = 1-65535
allowedClients = 127.0.0.1, my.home.ipaddress.yo/24
dnsQueryIPv6 = no
dnsUseGethostbyname = yes

9 Replies

VPN is ENCRYPTED (which takes lots of processing power AND time), Proxy is NOT - I doubt you'll ever see the same speed.

@vonskippy:

VPN is ENCRYPTED (which takes lots of processing power AND time), Proxy is NOT - I doubt you'll ever see the same speed.

That's a fair point.

However, realistically I don't think the speed should be as wildly inconsistent as it is over VPN. It really does go from 1-2mb/s down to 200kb/s at the drop of a hat.

Also I think that comparable speeds between VPN and Proxy is a reasonable goal.

It certainly can be affected by latency between you and your server, and there is some overhead to the VPN, but 200kb/s does seem too low.

Just for the heck of it, what kernel are you currently using? The first few in the 3.14 line had a kernel bug that affected OpenVPN performance - see https://forum.linode.com/viewtopic.php?f=20&t=11008

So on the off chance you happen to currently be using 3.14.1 through 3.14.3, try updating to a later kernel to see if that helps.

– David

@db3l:

It certainly can be affected by latency between you and your server, and there is some overhead to the VPN, but 200kb/s does seem too low.

Just for the heck of it, what kernel are you currently using? The first few in the 3.14 line had a kernel bug that affected OpenVPN performance - see https://forum.linode.com/viewtopic.php?f=20&t=11008

So on the off chance you happen to currently be using 3.14.1 through 3.14.3, try updating to a later kernel to see if that helps.

– David 

Linux myhostname 3.15.4-x86_64-linode45 #1 SMP Mon Jul 7 08:42:36 EDT 2014 x86_64 GNU/Linux

=/

@Varda Elbereth: 

Linux myhostname 3.15.4-x86_64-linode45 #1 SMP Mon Jul 7 08:42:36 EDT 2014 x86_64 GNU/Linux

=/
Drat …

One other thought - what if you switch your OpenVPN to tcp mode just as a test. You're already on a non-standard port, but I wonder if your ISP (or really any box along the way) could be doing throttling of UDP traffic to try to control P2P networks?

For what it's worth, I can do close to 10Mbps both up and down to one of a Linode 2048 with kernel 3.14.5-x86_64-linode42, and latency between my client (NY) and the Linode (Dallas) of about 50ms. Now, that's just directly to the Linode (so not through it to the Internet) but I do think there's got to be something else going on in your case than just VPN overhead.

-- David

TCP mode seems basically identical in every way stability wise, but it is substantially slower. In TCP mode I range from 80kb/s-500kb/s. Often bouncing between the two in a matter of seconds.

When I run the speedtest I checked top on the server and it's around 10% cpu load in both UDP or TCP, so I don't think I'm overloading it with OpenVPN encryption.

Could be your ISP, try the same access/speed tests from another internet connection.

@vonskippy:

Could be your ISP, try the same access/speed tests from another internet connection.

I'm using Verizon FiOS for the record.

I also just ran a test using SSH tunneling and while it wasn't nearly as fast as the direct proxy, it went quite quickly regardless.

@Varda Elbereth:

I also just ran a test using SSH tunneling and while it wasn't nearly as fast as the direct proxy, it went quite quickly regardless.

Also try sshuttle, it's SSH tunneling on steroids.

If your ISP is throttling VPN traffic, one of the easiest workarounds is to run SSH on a commonly used port like 443 (HTTPS) and tunnel all your traffic through it. With little tricks like sslh, you could even run SSH on the same port as a real HTTPS website. It makes a lot of difference on throttled connections.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct