OpenVPN TCP 443 low connection
-
Hello people!
I'm quite new to pfSense and OpenVPN, and I'm actually learning a lot lately.
Right now, I would like to implement a VPN over TCP 443 in order to bypass most firewalls/proxies of public wifi (hotels, restaurants, etc.).
But I have such a low connection speed! I'm trying to figure out why, and I think I need help.

Ok, first, I have a dedicated server at OVH running Proxmox.
I set up pfSense 2.5.1 as a VM on it with a public IP (additional fail-over IP from OVH).
There is a LAN behind this firewall and I set up a VPN over UDP with a random port.
Works perfectly! I have a really good connection from home (more or less 30-40 Mbps).

Then I realized that a lot of public wifi is blocking some traffic (firewall or proxy), and the best option is to set up a VPN over TCP 443 and even TLS encrypt for extreme VPN haters. I'm kidding, I would like the VPN to work from most countries in the world. So this option would be nice.
I knew the performance would be impacted, but I didn't expect that much! Now I have a connection speed of 4 Mbps max!
I found that I could change a few things such as MTU, buffering, data encryption, or some more things I still didn't understand the purpose of, like below...
fast-io, sndbuf 524288; rcvbuf 524288;

Does anyone have an idea whether it's normal to have such bad speed on TCP, or is it supposed to be better?
Thank you!
-
Ok, it looks to be mainly a latency problem, and maybe a bit because of peering at the Internet provider.
I did a few speedtests without VPN, with VPN over UDP and with VPN over TCP from different places.

Test from my current location:
No VPN: 224 ms / 54 Mbps
VPN UDP: 299 ms / 46 Mbps
VPN TCP: 304 ms / 4 Mbps

Test from a PC in France (near the server):
No VPN: 22 ms / 16.7 Mbps
VPN UDP: 21 ms / 16.4 Mbps
VPN TCP: 21 ms / 16.4 Mbps

So: latency + peering problem = low performance...
I guess I have no better solution.
-
Update:
Looks like it's the latency which impacts the TCP VPN.
Well, I cannot do too much about it, so I will keep 2 VPNs, and when UDP is blocked, I will use the TCP one.