I know TCP encapsulated over TCP is a terrible idea in general, but I can deal with the occasional decreased performance and MTU issues, and the snowball effect TCP within TCP provides where error control kicks in on both layers.
The latest OpenVPN client on Windows 7 x64 has terrible latency issues, where pinging a host inside the tunnel results in a >500ms ping time, and abysmal performance overall. Throughput seems good, it really is just latency.
However, on the same computer, the OpenVPN client on Linux 64 bits (ubuntu 10.04, same OpenVPN versions, same OpenVPN Configuration, no different settings) runs flawlessly. ~30ms, everything is very usable.
On the same switch, the same OpenVPN client version, same config file, on Mac OS X 10.5 (PowerPC) also works flawlessly.
I cannot explain this at all. I have tried various things, such as decreasing the MTU value for the virtual adapter to 1400 (since the terrible-ever-since-commercial-switch documentation mentions this not being dynamically set on windows, and recommends such an action), I have tried disabling ECN, chimney and CTCP in the global TCP settings, turning lzo compression on and off, sacrificing a goat, nothing makes it better.
Any ideas? At first I thought the lack of PMTU support in OpenVPN on Windows was responsible for this, but I tried with Windows XP and it works flawlessly as well. I got reports from users that it also works flawlessly on Windows 7 32 bits. Also the doc seems to say that the MTU settings are worthless for TCP connections, and are intended for UDP.
tl;dr: OpenVPN over TCP is slow but only in windows 7 x64, everything else works fine. What gives?
Great many thanks, if someone could answer this I would be forever in debt for getting my sleep back.
Are you 100% sure that you are on the newest version (2.1.1)? we've actually had some linux clients experience this same problem, and what we found was that they had older versions of the client software installed.
Also noticed that if you had an old version installed, and just installed the latest version to upgrade the installer did NOT upgrade it to the latest, and still showed the old version numbers when doing "openvpn --version" from the command line after the update.
To really get the new version in we had to fully uninstall ovpn and then install the latest.
Good luck, if this doesn't help i hope you find the issue!
Well, that windows install kicked the bucket, and I reinstalled it earlier this week. Now somehow, I no longer have that issue.
Go figure. I wish I still had a snapshot of the system so I could pinpoint the differences :(
Thanks for the help, everyone.
I had a similar issue (Win7, x64, gui1.0.3, openvpn2.1.4, lenovo t500 - intel 82567LM) - terrible latency (ping usually not below 500ms, rather >1000+ (sometimes close to 2s) and very fluctuating values (600,1800,550,1400 etc.). I have disabled IPv6 for LAN card and TAP adapter as well (only one device off didn't solve the issue) and everything seem to be ok for now.
Wild guess:
Your antivirus or too-smart firewall tries to examine traffic (tries to buffer without forwarding in hope to see a virus, then times out and sends what it has buffered).
Another wild guess:
Win7's dual stack IP4/IP6 does prefer IP6 more often. Perhaps you're hitting an issue with that. Presumably you're running IP4, does it make any difference when you disable IP6?