New on LowEndTalk? Please Register and read our Community Rules.
What's the fastest VPN protocol?
Just wondering, what's the fastest VPN protocol?
Most links I see on the web are from commercial VPN providers, they might have their own agenda. I am also not concerned about server location, and also not with privacy.
Currently I use PPTP, L2TP OpenVPN and also some testing with Shadowsocks.
LowEndBox & LowEndTalk.
Comments
WireGuard should be the fastest. But it's still experimental for now.
Well, I need something that can work with an Android Client
pptp
Low Cost High Profit !
GRE tunnel /s
I feel like this is a loaded question, like what is the best car?
VPN will depend on what ports are blocked, where your located, where the VPN server is located, what route it takes to the VPN server. And that's just to start.
What? The question is pretty simple... He asks specifically about protocol and is not concerned with encryption/privacy.
Any reasonable person would assume the following:
@Jonchun
Generally yes. I like to setup something for a China trip. So I just wonder what to setup (I have already PPTP, L2TP and OpenVPN via a NAS, and it works, but it's out of the box and I can't edit anything).
I just like to try some different protocols and see how that goes, whether it's better or not.
Is encryption important? Different protocols have different encryption, some better than others and some have the option of setting the encryption which may impact performance.
PPTP shoud be the fastest, because its encryption is simple & weak. Modern VPN protocols implement more complicated encryption methods, therefore slower.
But if you're coming to China,PPTP will be the fastest ... to be blocked well before your trip ends, lol. OpenVPN also gets blocked quickly.
Try Shadowsocks (socks proxy, not VPN), or Anyconnect / ikev2.
Actually, protocol speed is the last thing to concern. First you have to find a VPS with fast connection to China.
If we are talking UDP then openvpn hands down.
But for TCP, softether beats any other protocol, as long your server is properly configured.
Performance comparisons:
https://www.softether.org/@api/deki/files/12/=1.3.jpg
If you want specifically a VPN then something UDP based i.e UDP OpenVPN or Tinc.
If you are willing to accept a tunnelling (encapsulation only) protocol then IP-in-IP, GRE, Wireguard (that order)
Latest Offer: Brazil Launch 2020 Offer
Reminds me of "which is the fastest door lock?".
My favourite prime number is 42. - \forall cpu in {intel, amd, arm}: cpu->speed -= cpu->speed/100 x irandom(15, 30) | state := hacked
Anyconnect / ikev2 will be more safer bet in china, or some complex shadowsocks setup with obfs.
In my limit knowledge, I think GFW have just gain the ability to detect is a shadowsocks server running on some ip:port, but not massively use this ability to block ips.
from what I see, shadowsocksR is the fastest and safest at this moment.
you can get it set on PC/IOS/Android, and cool thing with it, is you could even proxy the specific software
Not one of those stupid WiFi ones.
Of course not. Only the best -> lock with an app over G4!
My favourite prime number is 42. - \forall cpu in {intel, amd, arm}: cpu->speed -= cpu->speed/100 x irandom(15, 30) | state := hacked
G4? Well look at mister fancy-pants!
I did some life tests with Unicom Mobile:
27ms 113M 39M - No VPN
27ms 67M 31M - Shadowsocks (via EU server)
47ms 26M 8M - PPTP HK
58ms 23M 2M - OpenVPN HK
L2TP wouldn't connect
I am a bit puzzled by the Shadowsocks speed. Does not sound real. I tried to load a 240p Youtube video and it loaded only very slow.
In my experience PPTP is the fastest. A few years back I was in a hotel and experimenting with PPTP, OpenVPN, and L2TP with Netflix and PPTP was the only protocol that would give me HD streaming with Netflix, the others couldn't.
Need backup space? Check out BackupDragon
IPSec is the fastest secure connection. It's lower in the network stack, and as such it doesn't have the overhead SSL based VPNs do.
L2TP/IPSec is the most common IPSec combination. This is an industrial solution, and as such it's most commonly used in site-to-site VPNs or with demanding users who are pretty static.
IKEv2/IPSec is very similar to L2TP/IPSec except it's better at dealing with users switching networks, and it's a little bit speedier then L2TP.
OpenVPN is a nice product, and it provides decent speed. It's probably the easiest to get through a hostile firewall since it's just an SSL connection. IPSec is great, but it's pretty easy to block it.
PPTP is insecure, and it shouldn't be used.
I haven't tried Shadowsocks, so I can't comment.
It honestly depends how you configure either protocol. (my OpenVPN server can push over 200 mbit/s on TCP, with SSL.)
If you're in China, scrap that. Shadowsocks is one of the best options for bypassing the Great F*cking Wall of China.
Cheap me now did setup shadowsocks on a raspberry pi and hocked it up with a router on a fiber-line. Works perfectly. Worked in China also most of the time (but not all the time), would say 95% fine. I did a simple vanilla setup.
Here is one issue maybe somebody can explain: how I can measure speed? I did a speedtest on data and speed was 77M - I think that is a little bit fast and I presume the speedtest does not run via shadowsocks. Can I force speedtest to run visa SS?
Im interested with your methodology.
..like how you even ping with shadowsocks.
Why should I use a VPN if I do not care about privacy?
Otherwise you should probably ask for tunnel protocols like GRE, L2TP or other simple IP-in-IP encapsulation protocols without any encryption.
IT Service David Froehlich | Individual network and hosting solutions | AS39083 | RIPE LIR services (IPv4, IPv6, ASN)
Simply to access a site. I don't talk illegal stuff, I want to access things like Facebook, Dropbox, Google that are blocked (blocked, not illegal) in China. I don't need any higher level of privacy that I have with normal surfing.
Interesting benchmarks.
What about ARM platforms without AES instructions?
In that case you can also try to get a VPS with good connectivity (near to your location, low latency, good throughput, less and not congested peerings involved), run a proxy on it and connect to it through a SSH tunnel. It eliminates the additional L3 overhead of lower level tunnel protocols. For this purpose various NAT VPS boxes are doing a great job for small budget (probably cheaper than most VPN providers).
Polipo works well as a lightweight proxy. Take care to only bind it to localhost. Then you can build a simple SSH tunnel and use the tunneled port as your local proxy. To route only certain requests/domains through your proxy you can use a proxy.pac file in your browser which is really convinient. This way you can surf the web regularly and access sites like Facebook through your proxy automatically.
IT Service David Froehlich | Individual network and hosting solutions | AS39083 | RIPE LIR services (IPv4, IPv6, ASN)
Sorry for being out of topic.
Is it possible or it's just me that have no clue for what should I type. Seeing the search result feels like me against the world.
+1 Softether
Another +1 for Softether. Easier to install, supports more protocols, (at least for me) easier to manage.
In the past, I used netperf to measure network throughput performance through various encrypted network protocols, including those used by VPNs. I ran netperf on the local LAN most of the time, but you can also run it over the internet.
http://www.netperf.org/netperf/
One possible issue is that if the network (internet) bandwidth between the client and the server is very low, you may not see any significant throughput difference between two different protocols. That can happen if the two protocols under test are able to keep up with maximum network throughput. (Yeah, there may be minor differences due to latency, context switches, etc., but you get the idea.) Allow me to point out that if the network/internet throughput is that slow, then it really doesn't matter which protocol you use, as long as it is secure.
If you have a sufficiently high bandwidth network, then throughput may be limited by the resources on the client and server computers. If you are using VPSs, where resources are shared, then the available resources will vary from moment to moment, depending on what the other VPSs on the same host node are doing (and maybe the provider's overall network utilization, too). That makes replicating results difficult.
Another consideration is how many resources each protocol requires. Even if two protocols can achieve the same throughput for a given client/server configuration, one protocol may require more CPU, memory, context switches, etc. that can degrade the overall performance of the systems. In other words, testing with netperf on an idle system may not yield a complete picture of overall system performance under load.
Benchmarking can be tricky, n'est ce pas?
what a smelly noob.
Thread necro award goes to...
As you are going to China, you shouldn't use traditional protocols, because they can be detected and blocked easily in China. The best thing you should use is shadowsocks (kind of easy) or v2ray(kind of complex). If you insist to use VPN, OpenConnect is relatively more stable than the traditional.
Standard VPN protocols do NOT work in China. Do not use them, you will have your server's IP blacklisted.
Shadowsocks (even with obfs) has been detected. You should try instead to use something like v2ray (mentioned above) or just buy a paid VPN service like vpn.ac. They monitor blocking in China and change their IPs when they get blocked.
Only use 2 myself OpenVPN and L2TP/IPSEC custom rolled and speeds I get from my Android 8 mobile speedtest are
Of course my VPN servers are within 10-40ms ping from me - chosen for proximity to get the best speed.
* Centmin Mod LEMP Stack Quick Install Guide
@ehhthing said:
My question was a bit rhetorical. I was really just interested in the speed and not in the China issue.
To the latter, Outline works well, so does ShadowsocksR. Great is also that you can channel V2Ray now through Cloudflare.
Well, Wiregaurd is probably your best bet for "fastest vpn protocol"
There is no best protocol but only the suitable is.
Protocol is just a tool.
maybe wireguard? -> https://www.wireguard.com/
IKEv2
Two things are infinite: the universe and Hetzner; and I'm not sure about the universe.
-Albert Einstein
What do you mean...?
OpenVPN and L2TP
wireguard is damn fast. testing it right now.
indeed, Wireguard is awesome
I vote for wireguard, it is easy to set up and it is fast. You can use it on Windows (unofficial client), Linux, Mac OS and Android. I am waiting for iOS client.
Why is it better than shadowsock?
Another question is which VPN / encryption is the most energy-saving?
Literally Shadowsocks is not a VPN protocol, although it is very powerful, it was designed to break through the GFW. I did not say wireguard is better than Shadowsocks. They are two different tools.
AES has less energy consumption, http://www.eejournal.ktu.lt/index.php/elt/article/download/7118/3654
Shadowsocks isn't a VPN protocol, it is just a socks proxy.
Well, it depends on your CPU architecture, if you have a x86 CPU without dedicated instructions for AES, ChaCha20 is much faster, however it is slower on ARM. (This is assuming energy saving means faster, which is generally does since the faster something runs, the fewer CPU cycles it requires and thus the less energy it uses.)