4
8
I need to have remote access to my server. I would like to have X Forwarding functionality as well. SSH provides me with that; however, it's a little slow over the internet. Would OpenVPN perform better? Or is there an alternative that would perform better?
ageis23
Posted 2011-01-27T16:38:57.960
Reputation: 599
7
I would like to have x forwarding functionality as well. SSH provides me with that however it's a little slow over the internet. Would openvpn perform better?
Any forwarding done over an SSH will be subject to the well known TCP-over-TCP problem. The TCP protocol adds a fair amount of overhead because it is a transactional protocol. Using a UDP tunnel which is the OpenVPN default, will allow you to avoid all the issues with tunneling TCP over TCP.
I really doubt it will help much for a forwarded X11 session though. X11 is extremely sensitive to latency and jitter. No tunneling protocol, even the most efficient can overcome latency or over-saturated Internet links.
Zoredache
Posted 2011-01-27T16:38:57.960
Reputation: 18 453
4
This SO answer says SSH tunneling doesn't have the TCP-over-TCP problem: http://serverfault.com/a/653748/180974
– Jeff Widman – 2016-03-24T01:59:50.920Welcome to the ranks of the Stack Athletes.
– Paused until further notice. – 2011-01-28T20:52:51.7273
SSH vs OpenVPN for Tunneling: As long as you only need one TCP port forwarded, SSH is a much faster choice, because it has less overhead.
Ria
Posted 2011-01-27T16:38:57.960
Reputation: 131
1
SSH will connect you to your computer. OpenVPN will connect you to your network. It will make it seem as if you are connected directly to your network. This can sometimes cause extra traffic, for example, if your machine suddenly sees its shared network drives, or network printers, it might start talking to them.
If you just want to have remote desktop control, what about one of the many, many VNC variants, that are light weight in size and traffic. You could open and forward a nonstandard port on your router..
Brian
Posted 2011-01-27T16:38:57.960
Reputation: 2 934
1True, a VPN is a much more ... sophisticated solution. If you only want remote desktop you shouldn't open a VPN. Also opening a VPN might affect your normal internet connection and network connection :). (It might start going over the VPN). Now I cant decide if I want to vote up you or Zoredache – sinni800 – 2011-01-28T07:11:22.890
1
Have you tried the -C option in ssh to enable compression? You can also set the compression level in the config file as described in the ssh manual for "CompressionLevel". This should use less bandwidth.
I have no experience with openVPN so unfortunately I can't give you a good comparison. I would think that forwarding X could theoretically go faster since it seems to use a lot local X session code in order to display certain windows instead of painting the whole desktop like with VNC. I don't know for sure though.
I'm assuming your using a command like ssh -C -X username@yourdomain.com and starting gui programs from the commandline like /usr/bin/firefox.
If you want to tunnel VNC over your ssh session, you can use ssh port forwarding without having to open any further ports in the firewall. You just need a vnc server on the remote host.
ssh -C -L 4000:localhost:5900 username@yourdomain.com
(assuming the vnc server is serving on port 5900)
Then open up a vnc client on your local machine and connect it to localhost:4000
I tested both ssh options on my LAN and X-session forwarding far outperformed any of my local VNC tests. I was able to watch youtube videos from one x-session to the other in half-watchable quality. The sound however still played on the original system.
James T
Posted 2011-01-27T16:38:57.960
Reputation: 8 515
If possible, you should switch from X forwarding to NX or VNC to speed it up. X forwarding is not bandwidth-wise in any sense. – Olli – 2011-01-27T16:41:41.043
In my experience, VNC is about as bad as X Forwarding. NX is nice, though. – Fake Name – 2011-01-28T07:08:47.590