Just to update this thread... Tcp protocol based openvpn had terrible jitter. while same hardware and almost identical configuration (using udp instead of tcp as the openvpn protocol) had no jitter at all
So there seems to be something introducing a huge delay for small packets over tcp based openvpn tunnels On 8 Oct 2016 13:13, "Tom Smyth" <tom.sm...@wirelessconnect.eu> wrote: > Hello, > > I have tried compiling the openvpn source code on my router > (a pcengines ALU2 ) device... no difference compared with the package > I have tried increasing the process priority using renice but this has not > helped > I have tried changing the storage on the router > (incase slow storage was holding up the kernel) > no difference in result > > when I run openvpn on centos in a similar > setup and hardware, but the small packet latency /jitter issue does not > happen. > > I have attached the dmesg also > Thanks > > Tom Smyth > > > > > > On Thu, Sep 29, 2016 at 2:43 PM, Tom Smyth <tom.sm...@wirelessconnect.eu> > wrote: > >> Hi Lads, >> >> I was testing out the openvpn port package and openbsd 6.0 >> and I found that while the tunnels are very stable, >> there is considerable jitter when sending >> small packets / small pings across the tunnel, >> while if I used large packets the latency was much more in line with >> network conditions outside the tunnel, >> >> the latency on the network outside the tunnel was 8-12ms >> >> the latency on small packets was anything from 12-200ms >> and the pings would stay at 200ms for some periods... >> >> however pinging large packets across the tunnel would give 12-15ms latency >> in a much more consistent manner. >> >> has anyone else come across this ? >> >> >> echo client >/etc/openvpn/openvpn1.conf >> echo tls-client>>/etc/openvpn/openvpn1.conf >> echo remote serveripaddress 443>>/etc/openvpn/openvpn1.conf >> echo proto tcp-client >>/etc/openvpn/openvpn1.conf >> echo dev tap1 >>/etc/openvpn/openvpn1.conf >> echo ca /etc/openvpn/ca.crt >>/etc/openvpn/openvpn1.conf >> echo cert /etc/openvpn/2700002.crt>>/etc/openvpn/openvpn1.conf >> echo key /etc/openvpn/private/2700002.dekey>>/etc/openvpn/openvpn1.conf >> echo keepalive 1 3>>/etc/openvpn/openvpn1.conf >> echo cipher AES-128-CBC>>/etc/openvpn/openvpn1.conf >> echo daemon openvpn >>/etc/openvpn/openvpn1.conf >> echo #tls-auth /etc/openvpn/private/tlsauth.key >> >>/etc/openvpn/openvpn1.conf >> echo mlock >>/etc/openvpn/openvpn1.conf >> >> I have tried tcp_nodelay, etc but i get a warning about it not being >> supported >> by the kernel at run time ... >> >> any tips would be appreciated... >> >> Tom Smyth
