Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Wed Jul 23 06:24:02 PDT 2014


On Wed, Jul 23, 2014 at 2:44 PM, Andrew Rose <andreyrose at gmail.com> wrote:
> Hi everyone!
> I have a question about ocserv. I managed to compile the latest
> version from source.
> But while testing the speed I get a data rate via ocserv about 3.2
> times slower than via ssh proxy: 1 megabyte compared to 3.2 via ssh
> proxy. As a client, I used the official Cisco AnyConnect client. Is
> this normal, or is there maybe something to fix in the config that
> would increase the speed of the connection?

Hello,
I don't know how ssh proxy works (whether a tun device is involved or
not), or which ciphers are in use, so such a comparison may not make
sense. However, there are things you could try.

1. Is the bottleneck on receive, send or both?

2. Does the bottleneck persist when using openconnect?

3. You seem to set output-buffer = 10, which is an option that reduces
bandwidth for latency. Unset it.

4. Do not explicitly set an mtu and enable try-mtu-discovery (the
latter option sets the don't fragment bit on packets sent by the
server).

5. What is the CPU load of the server under heavy transfer? Is it
heavily loaded or idle?

6. If the load is high, which version of GnuTLS do you use? The later
the better in terms of performance (3.2.15 or better).

7. See the README file and try perf on ocserv, to discover any obvious
bottleneck.

regards,
Nikos
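
A small check for items 3 and 4 above, as an added example that is not part of the original message or of ocserv: it scans a config file for the `output-buffer`, `mtu` and `try-mtu-discovery` options named in the reply. The function names, the sample config, and the assumption that the file uses `key = value` lines with `#` comments and `true`/`false` booleans are assumptions of this example.

```shell
#!/bin/sh
# Added example (not ocserv code): flag the throughput-related settings
# from the reply: output-buffer set, explicit mtu, try-mtu-discovery off.
# Assumes "key = value" lines, "#" comments and true/false booleans.

# audit_ocserv_conf FILE
# Prints one finding per line; prints nothing when nothing is flagged.
audit_ocserv_conf() {
    awk '
        # Skip comment lines and blank lines.
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            # Split at the first "=" and trim whitespace on both sides.
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            conf[key] = val          # last occurrence wins
        }
        END {
            if ("output-buffer" in conf)
                print "output-buffer=" conf["output-buffer"] ": reduces bandwidth for latency, unset it"
            if ("mtu" in conf)
                print "mtu=" conf["mtu"] ": explicit MTU set, remove it"
            if (conf["try-mtu-discovery"] != "true")
                print "try-mtu-discovery is not enabled, set it to true"
        }
    ' "$1"
}

# Constructed sample config for the demo (not taken from the thread).
sample_conf() {
    cat <<'EOF'
# constructed sample
tcp-port = 443
output-buffer = 10
mtu = 1400
try-mtu-discovery = false
EOF
}

# Demo: audit the constructed sample; prints three findings.
tmp=$(mktemp) && sample_conf > "$tmp" && audit_ocserv_conf "$tmp"
rm -f "$tmp"
```

To check a real installation, call `audit_ocserv_conf` with the path of the config file the server was started with.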
