Round trip time in OpenVPN tunnel varies a lot…
linch last edited by
I had to build a site-to-site VPN and I decided to use the PFsense 1.2.2.
In the beginning I used the default TUN OpenVPN device - but the result was sad… with 75 ms round trip time between the two gateway IPs (outside the tunnel) the packets inside the tunnel were with more than 200 ms time (and jumping up to 1k/2k)... even without production traffic in the tunnel the time was above 200ms...
The traffic across the tunnel isn't heavy (max 1.5Mb).
So after playing with the different ciphers, options and so on a decision was taken to try the bridging - TAP.
Actually the bridging is not per the official guides (the taps are not bridged to the CARPs). Instead of direct bridging - a routing is performed (with static route) from the LAN to the TAP interface.
The scenario with the TAP devices worked without production traffic in the tunnel (75 ms in the tunnel)...once the VPN was in production - the round trip time started jumping too high (still less than the tun mode)...
Could it be the OpenVPN itself - not able to handle many simultaneous connections? Or could it be related to the PFsense version 1.2.2? I know that the OpenVPN is claimed as a slow one... but I did not believe it would go into the direction of being unusable...
I would appreciate any advice about how to improve the performance inside the tunnel :(