AES overhead:
encryption process will add anywhere from 16 to 31 bytes to the overall size
HMAC overhead:
The SSR can optionally authenticate the packets it sends using HMAC (hash-based message authentication code).
Enabling HMAC authentication (done in security > hmac-mode) will add 16bytes of overhead to packets.
MetaData:
minimum metadata size is 12 bytes.