Re: VPN over slow Internet connections

[Ben Jencks <ben () bjencks net>]

On Apr 21, 2011, at 12:55 PM, Ben Whorwood wrote:

> Dear all,
>
> Can anyone share any thoughts or experiences for VPN links running over slow Internet connections, typically 2kB/s - 
> 3kB/s (think 33.6k modem)?
>
> We are looking into utilising OpenVPN for out-of-office workers who would be running mobile broadband in rural areas. 
> Typical data across the wire would be SQL queries for custom applications and not much else.
>
> Some initial thoughts include...
>
>  * How well would the connection handle certificate (>= 2048 bit key) based authentication?

Should be fine. Might take 30 seconds to connect, but after connection it makes no difference

>  * Is UDP or TCP better considering the speed and possibility of packet loss (no figures to hand)?

Since you're running TCP applications (database connections), you definitely want UDP. TCP-in-UDP behaves correctly in 
the presence of packet loss, TCP-in-TCP behaves horribly (it causes exponential backoff on the outer VPN connection, 
which causes queueing of the inner packets when they should be dropped. I've seen 20-30 second latencies with TCP VPNs 
over slow/lossy links).

>  * Is VPN over this type of connection simply a bad idea?

It shouldn't be any worse than running directly over the connection. With a UDP VPN it does packet-by-packet 
encapsulation, so it only adds the fixed per-packet overhead.