OpenVPN speed TCP vs UDP

[Builder71]

On my RT-N66U router at home, I have a OpenVPN server running.
Today I tested my OpenVPN connection away from home with my laptop.
On the remote site I used a 20/20 Mbit connection on which I was the only user.
At home I have a 50/50 Mbit FTTH connection.

The result is that I'm not able to max out the 20/20 connection, on both upload and download, at the same server setting.

What I see is, if I use TCP for the OpenVPN connection, upload from my laptop is slow.
Download seems OK and is stable.

When I use UDP for the OpenVPN connection, download from my laptop is slow and not very stable. (speed fluctuation)
However upload seems to be OK.

If I don't use a OpenVPN connection, I was able to max out the 20/20 connection.

Is this problem with OpenVPN, or what else?
My laptop as well as my RT-N66U are not high on CPU load.

Is this only me?
I have no clue why I see these weird results.

 

[IsmaelZ]

I'm no expert, but did you check your compression settings and try different options (e.g. disabled)?

 

[cockytrumpet]

If you're using tcp over openvpn, you're encapsulating tcp over tcp. That should be worse in nearly every case. What if your inner tcp neads control over timeout or retransmission? Congestion avoidance? That won't make it to the other end of the outer tcp stream. Also the overhead of a tcp connection is being doubled. A TCP header on every packet is 20 bytes. UDP header is 8. That isn't much but really, the fact that for the most part all of the benefits of TCP are removed when encapsulated should be enough to avoid TCP over TCP.

 

[Builder71]

I'm no expert, but did you check your compression settings and try different options (e.g. disabled)?

Yes, and that does have a small influence on throughput.
For me the "Compression = Enable" settings gave the best result.
(No change in the weird upload / download difference.)

If you're using tcp over openvpn, you're encapsulating tcp over tcp. That should be worse in nearly every case. What if your inner tcp neads control over timeout or retransmission? Congestion avoidance? That won't make it to the other end of the outer tcp stream. Also the overhead of a tcp connection is being doubled. A TCP header on every packet is 20 bytes. UDP header is 8. That isn't much but really, the fact that for the most part all of the benefits of TCP are removed when encapsulated should be enough to avoid TCP over TCP.

I'm not sure what you are trying to tell me.
I don't do any weird stuff, just the basics.
See picture below.

 

[netware5]

What type is your encryption? The OpenVPN speed depends on encryption. Try to search the forum for the Merlin"s thread about testing of OpenVPN performance. As I remember according to this Merlin's investigation the N66 may reach maximum of 25Mbits/s with 128 bit AES encryption. I am using 256 bit AES encryption, so I am able to reach only 15 Mbits/s. So you can expect to be able to max a 20/20 connection only if you use 128 bit AES encryption. The above speeds are absolute maximum possible with N66 hardware. You can not expect more. You should not compare the N66 OpenVPN performance with you desktop PC or laptop as their CPUs are much more powerful than the N66's CPU.

ADDITION: Switch off the LZO compression - it increases the load of N66's CPU without providing significant benefit.

 

[Builder71]

Please read my opening post again.
I'm not complaining I can't get more with my RT-N66U hardware.

The problem is that OR my download is fine, OR my upload is fine.
I can't get 15/15 synchronous or whatever, playing with OpenVPN server settings.

This slow up OR slow down behaviour switches with the OpenVPN server protocol setting TCP or UDP.
Anyone actually tried this and what do you see?
Do you have a synchronous OpenVPN upload and download speed? (If WAN/ISP allows.)

I tried all LZO compression settings, no significant changes here.

 

[AdvHomeServer]

In general, TCP is reliable, UDP is fast because no error checking occurs. OpenVPN uses UDP by default, but, according to internet searches, it does not necessarily make it faster. The apparent double TCP effect by configuring OpenVPN with TCP does not necessarily slow down the connection due to more overhead. TCP is said to encounter less 'interference' by servers who don't like to see UDP. (I don't know the technical explanation for that.) Most of the articles said try both and see for yourself. I use TCP and port 443, not 1194.