OpenVPN TCP 443 low connection
Hello people!
I'm quite new to pfSense - OpenVPN and I'm learning a lot lately.
Right now, I would like to implement a VPN over TCP 443 in order to bypass most firewalls/proxies on public Wi-Fi (hotels, restaurants, etc.).
But I have such a slow connection! I'm trying to figure out why, and I think I need help.
Ok, first, I have a dedicated server at OVH running Proxmox.
I set up pfSense 2.5.1 as a VM on it with a public IP (an additional fail-over IP from OVH).
There is a LAN behind this firewall and I set up a VPN over UDP with a random port.
Works perfectly! I have a really good connection from home (more or less 30-40 Mbps).
Then I realized that a lot of public Wi-Fi blocks some traffic (firewall or proxy), and the best option is to set up a VPN over TCP 443 and even TLS encryption for extreme VPN haters. I'm kidding; I would like the VPN to work from most countries in the world. So this option would be nice.
I knew the performance would be impacted, but I didn't expect that much! Now I have a connection speed of 4 Mbps max!
I found that I could change a few things such as MTU, buffering, data encryption, or some other things whose purpose I still don't understand, like the ones below...
fast-io, sndbuf 524288; rcvbuf 524288;
Does anyone have an idea whether it's normal to have such bad speed on TCP, or is it supposed to be better?
Thank you!
Ok, it looks to be mainly a latency problem, and maybe a bit because of peering at the Internet provider.
I did a few speedtests without VPN, with VPN over UDP and with VPN over TCP from different places.
Test from my current location:
No VPN : 224ms / 54 Mbps
VPN UDP : 299ms / 46 Mbps
VPN TCP : 304ms / 4 Mbps
Test from a PC in France (near the server):
No VPN : 22ms / 16.7 Mbps
VPN UDP : 21ms / 16.4 Mbps
VPN TCP : 21ms / 16.4 Mbps
So: latency + peering problem = low performance...
I guess I have no better solution.
Looks like it's the latency that impacts the TCP VPN.
Well, I cannot do too much about it, so I will keep 2 VPNs, and when UDP is blocked, I will use the TCP one.
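A worked calculation added to illustrate the latency conclusion above (an added example, not part of the original posts): it applies the bandwidth-delay product to the speedtest figures quoted in the thread. It assumes the reported latency approximates the tunnel's round-trip time and that a socket buffer caps the data in flight per round trip; the site labels `remote` and `france` are made up for the sample.

```python
import re

# Constructed sample: the latency / throughput figures quoted in the thread.
SAMPLES = """\
remote | No VPN  : 224ms / 54 Mbps
remote | VPN UDP : 299ms / 46 Mbps
remote | VPN TCP : 304ms / 4 Mbps
france | No VPN  : 22ms / 16.7 Mbps
france | VPN UDP : 21ms / 16.4 Mbps
france | VPN TCP : 21ms / 16.4 Mbps
"""

LINE = re.compile(r"(\w+) \| ([\w ]+?)\s*: (\d+)ms / ([\d.]+) Mbps")

def parse(text):
    """Return {(site, mode): (rtt_seconds, mbps)} from the sample lines."""
    out = {}
    for m in LINE.finditer(text):
        site, mode, rtt_ms, mbps = m.groups()
        out[(site, mode)] = (int(rtt_ms) / 1000, float(mbps))
    return out

def implied_window_bytes(rtt_s, mbps):
    """Bytes that must be in flight to sustain mbps at rtt_s (bandwidth-delay product)."""
    return mbps * 1e6 / 8 * rtt_s

def ceiling_mbps(buffer_bytes, rtt_s):
    """Upper bound on throughput if at most buffer_bytes are in flight per round trip."""
    return buffer_bytes * 8 / rtt_s / 1e6

def report(text, buffer_bytes=524288):
    """Per measurement: implied in-flight bytes and the ceiling for buffer_bytes."""
    return [(site, mode, round(implied_window_bytes(rtt, mbps)),
             round(ceiling_mbps(buffer_bytes, rtt), 1))
            for (site, mode), (rtt, mbps) in parse(text).items()]

if __name__ == "__main__":
    for site, mode, window, cap in report(SAMPLES):
        print(f"{site:7} {mode:8} in-flight ~{window / 1024:6.0f} KiB  "
              f"524288-byte buffer caps at {cap:6.1f} Mbps")
```

Under these assumptions, 4 Mbps at 304 ms corresponds to roughly 150 KB in flight, and a 524288-byte buffer would still cap the high-latency path at about 13.8 Mbps, while at 21 ms the same buffer is far from being the limit.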