Rashan

VPN over SSH performance issues

I've been assisting a friend in getting set up with AirVPN. He's currently at a university out of the US and needs a VPN primarily for accessing US restricted content. Unfortunately, his university network effectively blocks everything, PPTP won't connect on other VPN providers, and AirVPN is unable to complete TLS handshakes on any port available.

I did manage to get him up and running with AirVPN running over SSH, however, the performance is leaving a great deal to be desired: maybe 8-10 kilobytes/second.

I spoke with a friend of mine who is a networking professional, and he recommended a possible solution. Basically, disable the encryption on the VPN tunnel, and instead rely on the encryption in SSH to protect the session. Given the architecture of AirVPN, will the servers allow unencrypted VPN tunnels? And is this a secure or practical thing to do?

Thanks.

Hello!

Unfortunately at the moment the suggested solution is not available. However, it is very questionable that putting no encryption on the VPN Data Channel will have any benefit, UNLESS the system has some 10-15 year old CPU. Chances are that SSH is capped to 64-80 kbit/s or so. If your friend can access https web sites with higher speed, then the way to go is OpenVPN over SSL.

Kind regards

Thanks for the response.

The concern cited also focused on possible fragmentation. I'll give the Stunnel option another go tomorrow. The internet connection in question is extremely poor (~200ms ping to google) which may be the primary factor here. SSH disconnects every few minutes or so.

Hello!

You're absolutely right, fragmentation would be "a disaster" for performance. Try fine tuning with mssfix and fragment directives on the client side, a good source to start is this thread https://forums.openvpn.net/topic8279.html (besides of course the OpenVPN manual). Fragmentation will not occur with TCP, but this does not mean of course that performance is not impaired in a high-latency network.

Kind regards
