On Apr 21, 2011, at 12:55 PM, Ben Whorwood wrote:

> Dear all,
>
> Can anyone share any thoughts or experiences for VPN links running over slow
> Internet connections, typically 2kB/s - 3kB/s (think 33.6k modem)?
>
> We are looking into utilising OpenVPN for out-of-office workers who would be
> running mobile broadband in rural areas. Typical data across the wire would
> be SQL queries for custom applications and not much else.
>
> Some initial thoughts include...
>
> * How well would the connection handle certificate (>= 2048 bit key) based
> authentication?

Should be fine. Might take 30 seconds to connect, but after connection it makes no difference.

> * Is UDP or TCP better considering the speed and possibility of packet loss
> (no figures to hand)?

Since you're running TCP applications (database connections), you definitely want UDP. TCP-in-UDP behaves correctly in the presence of packet loss, TCP-in-TCP behaves horribly (it causes exponential backoff on the outer VPN connection, which causes queueing of the inner packets when they should be dropped. I've seen 20-30 second latencies with TCP VPNs over slow/lossy links).

> * Is VPN over this type of connection simply a bad idea?

It shouldn't be any worse than running directly over the connection. With a UDP VPN it does packet-by-packet encapsulation, so it only adds the fixed per-packet overhead.
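
A toy model of the queueing effect described in the reply above, added here as an illustration and not part of the original email: it compares a tunnel that drops packets during a link outage (UDP) with one that retransmits with exponential backoff and delivers in order (TCP). The 1500-byte packet size, 1 s initial retransmission timeout, 10 s outage and one-packet-per-second traffic are assumptions chosen for the example.

```python
# Toy model (constructed): one slow link, one outage, packets offered once per second.
TX = 0.5            # assumed: seconds to serialize one 1500-byte packet at 3 kB/s
RTO_INITIAL = 1.0   # assumed: initial retransmission timeout of the outer TCP connection


def in_outage(t, outage):
    start, end = outage
    return start <= t < end


def udp_tunnel(send_times, outage):
    """Packet-by-packet encapsulation: a packet sent during the outage is just lost."""
    return [(t, t + TX) for t in send_times if not in_outage(t, outage)]


def tcp_tunnel(send_times, outage):
    """Outer TCP is a reliable in-order stream: nothing is dropped, everything waits."""
    delivered = []
    link_free = 0.0                      # when the outer stream can send its next segment
    for t in send_times:
        attempt = max(t, link_free)      # queued behind earlier segments
        rto = RTO_INITIAL
        while in_outage(attempt, outage):
            attempt += rto               # segment lost, outer TCP retransmits
            rto *= 2                     # exponential backoff
        link_free = attempt + TX
        delivered.append((t, link_free))
    return delivered


def worst_latency(delivered):
    return max(arrival - sent for sent, arrival in delivered)


def simulate():
    send_times = [float(t) for t in range(60)]   # constructed traffic: 1 packet/s
    outage = (10.0, 20.0)                        # constructed: 10 s of total loss
    udp = udp_tunnel(send_times, outage)
    tcp = tcp_tunnel(send_times, outage)
    return {
        "udp_delivered": len(udp), "udp_worst": worst_latency(udp),
        "tcp_delivered": len(tcp), "tcp_worst": worst_latency(tcp),
        # latency of a packet sent right after the link recovered
        "tcp_after_recovery": dict(tcp)[20.0] - 20.0,
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

In this model the UDP tunnel loses the packets sent during the outage and leaves them to the inner TCP connections to resend, while the TCP tunnel delivers every packet but keeps adding delay to traffic sent well after the link has recovered.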