OpenVPN has built-in support for LZO compression if compiled properly. All Windows binaries have LZO compression available by default. In this recipe, we will show what is the performance of using LZO compression when transferring both easily compressible data (such as web pages) and non-compressible data (such as photographs or binaries).
We use the following network layout:
Set up the client and server certificates using the Setting up the public and private keys recipe from Chapter 2, Client-server IP-only Networks. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.11. The first client was running Fedora 22 Linux and OpenVPN 2.3.11. Keep the configuration file basic-udp-server.conf
from the Server-side routing recipe from Chapter 2, Client-server IP-only Networks, as well as the client configuration file basic-udp-client.conf
. The recipe was repeated with a second client running Windows 7 64bit and OpenVPN 2.3.11. Keep the configuration file basic-udp-server.conf
from the Server-side routing recipe from Chapter 2, Client-server IP-only Networks, as well as the client configuration file basic-udp-client.ovpn
from the Using an ifconfig-pool block .
basic-udp-server.conf
file:comp-lzo
Save it as example8-6-server.conf
.
[root@server]# openvpn --config example8-6-server.conf
basic-udp-client.conf
file:comp-lzo
Save it as example8-6-client.conf
.
[root@client]# openvpn --config example8-6-client.conf
iperf
on the server:[server]$ iperf -s
[client]$ iperf -c <openvpn-server-ip>
This results in a throughput of about 50 Mbps over an 802.11n wireless network.
[client]$ dd if=/dev/urandom bs=1024k count=60 of=random [client]$ iperf -c 10.200.0.1 -F random [ 4] 0.0-10.0 sec 35.0 MBytes 29.3 Mbits/sec
In the first step, we create a 60MB file with random data. Then, we measure the iperf
performance when transferring this file.
[client]$ dd if=/dev/zeroes bs=1024k count=60 of=zeroes [client]$ iperf -c 10.200.0.1 -F zeroes [ 5] 0.0- 5.9 sec 58.6 MBytes 83.3 Mbits/sec
The performance of the VPN tunnel when transferring compressible data such as text files and web pages is shown.
basic-udp-client.ovpn
file:comp-lzo
Save it as example8-6.ovpn
.
The results of the iperf
measurement are slightly different:
Clearly, the OpenVPN configuration needs to be optimized, but that is outside the scope of this recipe. These results do show that for both Windows and Linux clients, there is a significant performance boost when the data that is sent over the tunnel is easily compressible.
When compression is enabled, all packets that are sent over the tunnel are compressed before they are encrypted and transferred to the other side. Compression is done using the LZO library, which is integrated into OpenVPN. This compression is done on-the-fly, which means that the compression ratios achieved are not as good as when compressing the data in advance. When transferring text pages, the performance gain is nevertheless significant.
When the following configuration directive is used, adaptive compression is enabled by default:
comp-lzo
When OpenVPN detects that a particular piece of data is not compressible, it sends the data to the remote VPN endpoint without compressing it first. By specifying the following on both ends each packet is always compressed:
comp-lzo yes
Depending on the type of data that is transferred, the performance is slightly better.
3.22.130.108