VPN in Kenya is very slow with big latency

I am currenlty in Kenya deploying a project and the VPN access - ssh , web access etc to the application is very very slow with big latency. I assume that this is because the OS connects to your balena cloud in Europe so the route is quite long. Probably not an easy solution involving deploying VPN servers in African data center, but I thought I would put it out there to make you aware that apps running in Africa are quite problematic .

The application is connected to a GSM modem and now trying with safaricom to assist with opening ports, but so far no luck.

Hi @krasi-georgiev,

Thanks for reaching out. I would like to clarify some of the things to understand your issue better:

  • Do you see the problem with just SSH and the dashboard response is slow?
  • Is deploying releases slow and/or any failures you are experiencing with that?

Also, can you provide more details on the opening ports issue you mentioned with safaricom.


  • Do you see the problem with just SSH and the dashboard response is slow?
    The dashboard response is ok.

Is deploying releases slow and/or any failures you are experiencing with that?
No deploying is fast, it is slow when using the gui terminal, the Public Device Url and when ssh-ing with the balena cli.

Today I realised that safaricom doesn’t block ports so I can setup port forwarding on the router and can access the device directly so that solves some of the issues.

This is an interesting issue for me. I too have been looking at devices across the world and a little concerned about speeds, but also about security.

Just throwing it out there as an idea, at one point I had considered implementing a proxy using the service. provides a ‘WARP’ service that routes all traffic through the CloudFlare network, in theory overcoming the distance issue by hopping to the nearest CloudFlare server in Kenya, across their faster network, out another CloudFlare server near Balena in Europe and subsequently reducing latency. It’s how almost every website in the world works (not always with CloudFlare, but the theory is the same), and is available now to users through the app.

Just in the last few months their app was released for Linux, which now makes this quite viable. I haven’t done any investigation, but I suspect it would be a matter of combining these two services:

GitHub - balenalabs/proxy-tunnel: Connecting your device(s) to balenaCloud from behind a compatible proxy. (or maybe just starting from scratch: Network Setup on balenaOS 2.x - Balena Documentation)
A Dockerised version of this: https://pkg.cloudflareclient.com

I’m not sure how far you wanted to go with improving latency (and security) on the device, but seeing your post triggered the thought so figured I would throw the idea out there and see if anyone picked it up. Don’t know if I will have time to do it, but may be able to help out a bit if someone else wanted to take the lead. It could make an interesting Balena Hub addition.

Presumably that would include the VPN connection if implemented right.

Yes I really like the cloudflare idea!

I did scan over some of the docs for the new Linux version of It seems at the moment it only officially supports Ubuntu and Debian platforms. I would have preferred a smaller image size, such as Alpine or BusyBox. It also hasn’t yet added the functionality to use it as a proxy for specific traffic like some of the other apps. Moreover, it only has amd64 builds right now. These are not deal breakers, there are workarounds for some of these, but would have made things easier and less restrictive if the features were included already.

All of these features are planned for a future release of WARP according to their blog, probably next year according to a forum post. When that happens it will make a much easier integration.

today I adjusted the GSM antenna and the issue is gone so the main cause was bad network and many last packets. Now the delay is tolerable. When the network was unstable it constantly disconnect the balena ssh and web GUI terminal when at the same time a web app running on the Rpi could be accessed relatively good, so maybe the team should look into how to improve the VPN connection - to better tolerate unstable networks and not disconnect every 2-3 minutes.

1 Like

Good to know that adjusting the GSM antenna the issue is gone @krasi-georgiev

I’m going to introduce this topic into the team and we will keep you updated.

Hello @krasi-georgiev did you solve this issue?

yes after adjusting the antenna the latency is acceptable

1 Like