Slow connections (something other than packet fragmentation?)

Nikos Mavrogiannopoulos nmav at
Tue Apr 28 12:35:30 PDT 2015

On Tue, 2015-04-28 at 18:52 +0200, Peter Brant wrote:
> On Tue, Apr 28, 2015 at 12:27 AM, David Woodhouse <dwmw2 at> wrote:
> > On Tue, 2015-04-28 at 00:14 +0200, Peter Brant wrote:
> >> >
> >> Ah, I didn't know that the performance overhead of using TCP was that severe.
> >
> > Usually it shouldn't be. But if you have a lossy path, it's going to
> > hurt a lot. It's best to eliminate it first.
> >
> Just a short follow-up to report that in my particular case, the
> performance overhead of using TCP was indeed that severe.
> The upstream firewall at my workplace is now passing DTLS traffic and
> I'm happy to report that I was able to scp a large (170MB) tgz file down
> from an internal server with an average transfer rate (over four
> transfers) of 3.7 MB/s as compared with about 100 KB/s yesterday.

Interesting. At these speeds the ciphersuite in use also matters.
Currently the fastest supported is AES-GCM, and it is supported by
openconnect only. Hopefully chacha20-poly1305 will also be added, which
will allow higher speeds and fewer resources spent on the server side.


