VPN over slow Internet connections

Darden, Patrick S. darden at armc.org
Thu Apr 21 17:10:09 UTC 2011

There's not that much overhead--your certs should be ok.  TCP for SQL would just make sense.  I personally wouldn't want to do what you are contemplating.  Here's some stuff to think about:

1.  your modems will not be able to do compression.  You can't easily compress random data (e.g. encrypted).
2.  you won't get 33.6 unless your phone lines are pristine.  You better plan on 28.8--if you are lucky.
3.  I would hone my SQL sharply so it produces the smallest most relevant data sets possible.

4.  you might want to give them some kind of termnial/shell access for doing their SQL remotely, instead of from home.  Telnet or SSH.  If you used SSH you could obviate using a separate VPN, you could use -C for compression, and you could do your SQL on the server side (or the on-site side)--all in all a speedier alternative.

--Patrick Darden

-----Original Message-----
From: Ben Whorwood [mailto:bw-ml at mube.co.uk]
Sent: Thursday, April 21, 2011 12:56 PM
To: nanog at nanog.org
Subject: VPN over slow Internet connections

Dear all,

Can anyone share any thoughts or experiences for VPN links running over 
slow Internet connections, typically 2kB/s - 3kB/s (think 33.6k modem)?

We are looking into utilising OpenVPN for out-of-office workers who 
would be running mobile broadband in rural areas. Typical data across 
the wire would be SQL queries for custom applications and not much else.

Some initial thoughts include...

   * How well would the connection handle certificate (>= 2048 bit key) 
based authentication?
   * Is UDP or TCP better considering the speed and possibility of 
packet loss (no figures to hand)?
   * Is VPN over this type of connection simply a bad idea?

Many thanks in advance.

Kind regards,
Ben Whorwood

More information about the NANOG mailing list