We’ve written before about how using Replify Accelerator can improve the performance of a VPN connection. In that article we focused on the advantages for home-workers, as that use case was very important during the Covid-19 pandemic.
However, we recently received a request from one of our partners regarding acceleration of a site-to-site VPN connection.
There are many scenarios where Replify Accelerator provides optimization across multiple sites. However, we don’t tend to think about how those sites communicate with each other. This is different from a remote access VPN, where users have to actively create the connection when they turn on their laptop.
Typically a site-to-site VPN will be always-on and will give users the impression they are on the same network as colleagues who are at a remote location.
Creating a Site-to-Site VPN
There are many products out there that provide corporate VPN functionality. These range from simple products that just provide a VPN to more complex products that provide a VPN along with a multitude of features.
Smaller enterprises often use OpenVPN. This is available both as a free version and a low cost commercial version that contains extra functionality to simplify deployment.
Similar to Replify Accelerator, OpenVPN is software-based and available for a wide variety of OSes. Therefore it is generally straightforward to use it for connecting multiple sites in an organization with each other.
Creating an accelerated Site-to-Site VPN
OpenVPN focuses on transferring data in a secure manner between networks. It does not optimize this data in any way. This is where we can get involved.
If our partner could implement a site-to-site VPN that also had acceleration, this would be a compelling offering to their customers compared to standard VPN functionality. Was it possible?
I took a standard Replify Accelerator test environment with a client, web server and two Virtual Appliances. I then moved one of the VAs and the server to its own network. This resulted in a loss of connectivity between the client and server.
I installed the standard OpenVPN Debian package on both VAs and started up a VPN tunnel between them. This connected the two networks together and my two VAs could communicate with each other.
Now any traffic going between the client and server is traversing the VPN and consumes less bandwidth than normal.
The really neat thing about this was that I didn’t have to perform any special customization in order to get the two products to work together. The standard out-of-the-box configurations were completely compatible!
Couldn’t I have just enabled OpenVPN compression functionality?
OpenVPN has its own compression functionality, which is disabled by default. Yes, enabling this is a possibility, but it wouldn’t have provided the same benefit for several reasons:
- OpenVPN uses LZO compression. This has a much lower compression ratio than the algorithm used by Replify Accelerator.
- A lot of the traffic sent over the VPN will already be encrypted, so compressing it will have minimal effect. Replify Accelerator is able to decrypt this data and perform compression effectively on the content that was encrypted.
- Replify Accelerator also has de-duplication functionality. This means that content that has been sent across the VPN before will be retrieved from a cache rather than being re-sent.
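
The last two points can be measured with a short script. This is an added example, not code from Replify or OpenVPN: it uses zlib as a stand-in compressor, a toy XOR keystream as a stand-in for real encryption, a constructed payload, and a hypothetical `DedupLink` class with an assumed 4 KB chunk size.

```python
import hashlib
import zlib

CHUNK = 4096  # assumed dedup chunk size (not a product setting)

def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Stand-in for real encryption: XOR with a SHA-256 counter keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def ratio(data: bytes) -> float:
    """Compressed size divided by original size (lower means better)."""
    return len(zlib.compress(data, 6)) / len(data)

class DedupLink:
    """Sender whose peer caches every chunk it has received, keyed by digest."""
    def __init__(self) -> None:
        self.seen = set()

    def send(self, data: bytes) -> int:
        """Return the bytes put on the wire for this transfer."""
        wire = 0
        for i in range(0, len(data), CHUNK):
            chunk = data[i:i + CHUNK]
            digest = hashlib.sha256(chunk).digest()
            wire += len(digest)              # the reference is always sent
            if digest not in self.seen:      # the body only the first time
                self.seen.add(digest)
                wire += len(zlib.compress(chunk, 6))
        return wire

# Constructed sample traffic: repetitive HTTP-style requests.
PAYLOAD = b"".join(
    b"GET /reports/%d HTTP/1.1\r\nHost: intranet.example\r\n\r\n" % i
    for i in range(2000)
)

def demo():
    cipher = toy_encrypt(PAYLOAD, b"constructed-key")
    link = DedupLink()
    return ratio(PAYLOAD), ratio(cipher), link.send(PAYLOAD), link.send(PAYLOAD)

if __name__ == "__main__":
    plain, enc, first, second = demo()
    print(f"compress plaintext : {plain:.3f} of original")
    print(f"compress ciphertext: {enc:.3f} of original")
    print(f"wire bytes, 1st/2nd transfer: {first}/{second}")
```

The ciphertext does not shrink at all, while the second transfer of the same content costs only one 32-byte digest per chunk.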