I know TCP encapsulated over TCP is a terrible idea in general, but I can deal with the occasional decreased performance and MTU issues, and the snowball effect TCP within TCP provides where error control kicks in on both layers.
The latest OpenVPN client on Windows 7 x64 has terrible latency issues, where pinging a host inside the tunnel results in a >500ms ping time, and abysmal performance overall. Throughput seems good, it really is just latency.
However, on the same computer, the OpenVPN client on Linux 64 bits (ubuntu 10.04, same OpenVPN versions, same OpenVPN Configuration, no different settings) runs flawlessly. ~30ms, everything is very usable.
On the same switch, the same OpenVPN client version, same config file, on Mac OS X 10.5 (PowerPC) also works flawlessly.
I cannot explain this at all. I have tried various things, such as decreasing the MTU value for the virtual adapter to 1400 (since the terrible-ever-since-commercial-switch documentation mentions this not being dynamically set on windows, and recommends such an action), I have tried disabling ECN, chimney and CTCP in the global TCP settings, turning lzo compression on and off, sacrificing a goat, nothing makes it better.
Any ideas? At first I thought the lack of PMTU support in OpenVPN on Windows was responsible for this, but I tried with Windows XP and it works flawlessly as well. I got reports from users that it also works flawlessly on Windows 7 32 bits. Also the doc seems to say that the MTU settings are worthless for TCP connections, and are intended for UDP.
tl;dr: OpenVPN over TCP is slow but only in windows 7 x64, everything else works fine. What gives?
Great many thanks, if someone could answer this I would be forever in debt for getting my sleep back.
Best Answer
Are you 100% sure that you are on the newest version (2.1.1)? we've actually had some linux clients experience this same problem, and what we found was that they had older versions of the client software installed.
Also noticed that if you had an old version installed, and just installed the latest version to upgrade the installer did NOT upgrade it to the latest, and still showed the old version numbers when doing "openvpn --version" from the command line after the update.
To really get the new version in we had to fully uninstall ovpn and then install the latest.
Good luck, if this doesn't help i hope you find the issue!