Discussion:
[Openvpn-users] Endian as client -- PKCS12?
Ken D'Ambrosio
2010-09-03 15:18:43 UTC
Permalink
Hey, all. I'm trying to get an Endian box to work as a client using a
PKCS12 certificate. But -- well, Google seems to be failing me.
Suggestions on how to generate this key? I've found pkitool, but its
function seems to be, shall we say, non-intuitive.

Here's what I *think* I want to have happen:


[OpenVPN box (server)]<----------------->[Endian box (client)]

1) OpenVPN server is already running with stock SSL certs.
2) Somehow, I generate this PKCS12 certificate on the server-side.
2) Then, I install it onto the Endian box.

If yes, what options should I use to create the certs? If not, where's my
thinking wrong?

Thanks!

-Ken
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
David Sommerseth
2010-09-03 16:57:53 UTC
Permalink
Post by Ken D'Ambrosio
Hey, all. I'm trying to get an Endian box to work as a client using a
PKCS12 certificate. But -- well, Google seems to be failing me.
Suggestions on how to generate this key? I've found pkitool, but its
function seems to be, shall we say, non-intuitive.
[OpenVPN box (server)]<----------------->[Endian box (client)]
1) OpenVPN server is already running with stock SSL certs.
2) Somehow, I generate this PKCS12 certificate on the server-side.
2) Then, I install it onto the Endian box.
If yes, what options should I use to create the certs? If not, where's my
thinking wrong?
You are not thinking wrong. As I understand it the Endian boxes can be
installed with OpenVPN, so that should be a safe route.

You have found some scripts related to easy-rsa (pkitool). Using
pkitool directly can be a but tricky when you've not done it before.
But there are a lot of other helper script available which uses pkitool.
Have a look at this document for more information about easy-rsa:

<http://openvpn.net/index.php/open-source/documentation/miscellaneous/77-rsa-key-management.html>

But, also be aware you *do not* need to use easy-rsa. You can also use
other tools like ssl-admin [1], TinyCA2 [2] or XCA [3]. They might even
be easier to use. The two latter ones are GUI applications, while
ssl-admin is a Perl script, aimed for console usage.

The important thing to remember is that the CA (which easy-rsa,
ssl-admin, TinyCA2, XCA and similar apps are), should normally not
reside on an easy accessible box, especially with Internet connection.
Ideally, it's a completely offline box where you copy out the keys and
certificates manually.

So which files are needed then to make this work?

On the server:
- dh*.pem
- server.key
- server.crt (server certificate)
- ca.crt (CA certificate)
OR
- dh*.pem
- pkcs12 file


On the client:
- client.key
- client.crt
- ca.crt
OR
- pkcs12 file

The CA certificate is needed to check that the certificate being used
(on both sides) are from a trusted party. When a client connects, the
client will receive the server certificate and check if it is signed by
the local CA in ca.crt. The client will send it's client.crt to the
server and the server will check if the client cert is signed by the
ca.crt the server got locally.

This is basically it.


kind regards,

David Sommerseth


[1] <https://secure-computing.net/svn/trunk/ssl-admin/perl/>
[2] <http://tinyca.sm-zone.net/>
[3] <http://www.hohnstaedt.de/xca.html>
J Webster
2010-09-05 15:00:36 UTC
Permalink
Hi
I am still having a massive problem trying to tget to the bottom of why the
badnwdith is reduced on my VPN server as compared with the proxy.
Clients are able to vie video seamlessly when connecting from the internet
to the proxy server (for geo ip).
However, when they connect to the VPN, the video streams tend to stutter and
continuous playback is impossible.
This was improved somewhat by swapping over to a udp connection but there
are still stuttering moments.
I have tried the stack settings and also the mtu to no avail.
Any ideas on what I can try next? Could it be a routing issue, could
something else be restricting the bandwidth on the VPN only?

server.conf:
local 88.xxx.xxx.xxx
port 1194
proto udp
dev tun1
crl-verify /etc/openvpn/crl.pem
client-config-dir /etc/openvpn/ccd
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway"
push "dhcp-option DNS 213.171.192.249"
push "dhcp-option DNS 213.171.192.245"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group users
persist-key
persist-tun
status openvpn-status2.log
verb 0
log /var/log/openvpn2.log
tun-mtu 1500
fragment 1300
mssfix
sndbuf 204800
rcvbuf 204800

client:
client
dev tun1
proto udp
remote 88.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert adminuser.crt
key adminuser.key
ns-cert-type server
comp-lzo
verb 1
tun-mtu 1500
fragment 1300
mssfix
sndbuf 204800
rcvbuf 204800
David Sommerseth
2010-09-05 19:18:35 UTC
Permalink
Post by J Webster
Hi
I am still having a massive problem trying to tget to the bottom of why the
badnwdith is reduced on my VPN server as compared with the proxy.
Clients are able to vie video seamlessly when connecting from the internet
to the proxy server (for geo ip).
However, when they connect to the VPN, the video streams tend to stutter and
continuous playback is impossible.
This was improved somewhat by swapping over to a udp connection but there
are still stuttering moments.
I have tried the stack settings and also the mtu to no avail.
Any ideas on what I can try next? Could it be a routing issue, could
something else be restricting the bandwidth on the VPN only?
Are these config lines really needed?

tun-mtu 1500
fragment 1300
mssfix
sndbuf 204800
rcvbuf 204800

I am quite often doing live video streaming over OpenVPN with AES-256
encryption, and I have no problem at all with stuttering video. It can
play 2-3 hours without any glitch (I seldom watch longer than that).
But I also don't use those config lines above.


kind regards,

David Sommerseth
J Webster
2010-09-05 20:03:19 UTC
Permalink
I can take them out but I was advised to put them in as when I didn't have
them I was getting video playback errors.
Is there any chance that ICMP block rules in my firewall could cause some of
these issues?

This is my iptables script (the udp VPN server runs on xx.xx9):
# Generated by iptables-save v1.3.5 on Sat Aug 7 15:55:43 2010
*filter
:INPUT DROP [13:2248]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [5:260]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 1057 -m state --state NEW -m
recent --set --name SSH --rsource
-A INPUT -i eth0 -p tcp -m tcp --dport 1057 -m state --state NEW -m
recent --update --seconds 60 --hitcount 2 --rttl --name SSH --rsource -j
DROP
-A INPUT -d 88.xxx.xxx.xx9 -p tcp -m tcp --dport 1057 -m state --state
NEW -j ACCEPT
-A INPUT -d 88.xxx.xxx.xx9 -p tcp -m tcp --dport 5555 -m state --state
NEW -j ACCEPT
-A INPUT -d 88.xxx.xxx.xx9 -p tcp -m tcp --dport 1194 -m state --state
NEW -j ACCEPT
-A INPUT -d 88.xxx.xxx.xx9 -p udp -m udp --dport 1194 -m state --state
NEW -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i tap+ -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8002 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9001 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -d 88.xxx.xxx.xx8 -p tcp -m state --state NEW -m tcp --dport
8080 -j ACCEPT
-A INPUT -d 88.xxx.xxx.xx8 -p tcp -m state --state NEW -m tcp --dport
1935 -j ACCEPT
-A INPUT -d 88.xxx.xxx.xx8 -p tcp -m state --state NEW -m tcp --dport 80 -j
ACCEPT
-A INPUT -d 88.xxx.xxx.xx8 -p tcp -m state --state NEW -m tcp --dport 443 -j
ACCEPT
-A INPUT -d 88.xxx.xxx.xx9 -p tcp -m state --state NEW -m tcp --dport 443 -j
ACCEPT
-A INPUT -p icmp -m limit --limit 1/sec --limit-burst 1 -j ACCEPT
-A INPUT -d 88.xxx.xxx.xx8 -p icmp -m icmp --icmp-type 8 -m state --state
NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i tap+ -j ACCEPT
-A OUTPUT -s 88.xxx.xxx.xx9 -p tcp -m tcp --dport 1194 -m state --state
NEW -j ACCEPT
-A OUTPUT -s 88.xxx.xxx.xx9 -p udp -m udp --dport 1194 -m state --state
NEW -j ACCEPT
-A OUTPUT -s 88.xxx.xxx.xx9 -p tcp -m tcp --dport 443 -m state --state
NEW -j ACCEPT
-A OUTPUT -s 88.xxx.xxx.xx8 -p icmp -m icmp --icmp-type 0 -m state --state
RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sat Aug 7 15:55:43 2010
# Generated by iptables-save v1.3.5 on Sat Aug 7 15:55:43 2010
*nat
:PREROUTING ACCEPT [13:7569]
:POSTROUTING ACCEPT [8:3135]
:OUTPUT ACCEPT [8:3135]
-A PREROUTING -d 88.xxx.xxx.xx9 -p tcp -m tcp --dport 443 -j
DNAT --to-destination 88.xxx.xxx.xx9:1194
-A POSTROUTING -s 172.16.0.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/255.255.255.0 -o eth0 -j SNAT --to-source
88.xxx.xxx.xx9
COMMIT
# Completed on Sat Aug 7 15:55:43 2010


--------------------------------------------------
From: "David Sommerseth" <***@topphemmelig.net>
Sent: Sunday, September 05, 2010 3:18 PM
To: "J Webster" <***@hotmail.com>
Cc: <openvpn-***@lists.sourceforge.net>
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp
Post by David Sommerseth
Are these config lines really needed?
tun-mtu 1500
fragment 1300
mssfix
sndbuf 204800
rcvbuf 204800
I am quite often doing live video streaming over OpenVPN with AES-256
encryption, and I have no problem at all with stuttering video. It can
play 2-3 hours without any glitch (I seldom watch longer than that).
But I also don't use those config lines above.
kind regards,
David Sommerseth
AR
2010-09-05 21:28:54 UTC
Permalink
I block ICMP on my OpenVPN server and have no issues. I also have to use
TCP for my VPN connection. Though I use my VPN server for DNS, it looks
like you are using external DNS servers, not sure if this will make a
difference?

I do set MTU 1500 but I do not use:
fragment 1300
mssfix
sndbuf 204800
rcvbuf 204800


Your streaming server is not also you OpenVPN server is it? Not sure if
it would matter but if it is, you may need robust hardware?

My streaming server is another server within my network.

Not sure if I helped? Just wanted to share my experience.
Post by J Webster
I can take them out but I was advised to put them in as when I didn't have
them I was getting video playback errors.
Is there any chance that ICMP block rules in my firewall could cause some of
these issues?
J Webster
2010-09-06 15:25:42 UTC
Permalink
I took those out of the client and server configs and restarted the udp
service.
On going to speedtest.net I get this when connected to the VPN:
ping 289ms
Down 0.58Mbps
Up: 0.84 Mbps

On connecting directly to the proxy server on the same server box I get:
ping 414ms
Down 2.54Mbps
Up: 0.22 Mbps

The actual server is in a data centre with 100Mbps so there's no restriction
on that end apart from network traffic.

The streaming server is just another site on the internet.
So, for example the client accesses the proxy server and types in
www.googlevideos.com and plays the video with the proxy as an in between
server.
For the VPN, the client accesses the VPN server and types in
www.googlevideos.com and plays the video with the VPN as an in between
relay - it's not VPN in the strict sense of just gaining access to a private
network, it's more of a public server with security access restrictions for
geo IP location.

That is a lot of throttling for an encryption though to lose a whole 2Mbps
andvideo can't be played very well at that speed.
--------------------------------------------------
From: "AR" <***@hotmail.com>
Sent: Sunday, September 05, 2010 5:28 PM
To: "J Webster" <***@hotmail.com>
Cc: <openvpn-***@lists.sourceforge.net>
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp
Post by AR
I block ICMP on my OpenVPN server and have no issues. I also have to use
TCP for my VPN connection. Though I use my VPN server for DNS, it looks
like you are using external DNS servers, not sure if this will make a
difference?
fragment 1300
mssfix
sndbuf 204800
rcvbuf 204800
Your streaming server is not also you OpenVPN server is it? Not sure if
it would matter but if it is, you may need robust hardware?
My streaming server is another server within my network.
Not sure if I helped? Just wanted to share my experience.
J Webster
2010-09-07 14:26:16 UTC
Permalink
I did try some MTU setting before of 1400, 1460, 1300 and the difference was
minimal.
Not sure what else to try or how to troubleshoot. I suppose I could follow
the traffic but not sure if it would help resolve the throttling issue?

--------------------------------------------------
From: "AR" <***@hotmail.com>
Sent: Sunday, September 05, 2010 5:28 PM
To: "J Webster" <***@hotmail.com>
Cc: <openvpn-***@lists.sourceforge.net>
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp
Post by AR
I block ICMP on my OpenVPN server and have no issues. I also have to use
TCP for my VPN connection. Though I use my VPN server for DNS, it looks
like you are using external DNS servers, not sure if this will make a
difference?
fragment 1300
mssfix
sndbuf 204800
rcvbuf 204800
Your streaming server is not also you OpenVPN server is it? Not sure if
it would matter but if it is, you may need robust hardware?
My streaming server is another server within my network.
Not sure if I helped? Just wanted to share my experience.
Post by J Webster
I can take them out but I was advised to put them in as when I didn't have
them I was getting video playback errors.
Is there any chance that ICMP block rules in my firewall could cause some of
these issues?
o***@rkmorris.us
2010-09-08 00:28:09 UTC
Permalink
Hi,

I was doing some testing with iperf, and found that changing the TCP
Window size can have a significant impact (~ 5-10x). Have you tried this?

I did see the same as you - MTU doesn't seem to have an impact.

... Russell



-----Original Message-----
From: J Webster [***@hotmail.com]
Sent: Tuesday, September 07, 2010 9:26 AM
To: AR; openvpn-***@lists.sourceforge.net
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp

I did try some MTU setting before of 1400, 1460, 1300 and the difference
was
minimal.
Not sure what else to try or how to troubleshoot. I suppose I could follow

the traffic but not sure if it would help resolve the throttling issue?

--------------------------------------------------
From: "AR" <***@hotmail.com>
Sent: Sunday, September 05, 2010 5:28 PM
To: "J Webster" <***@hotmail.com>
Cc: <openvpn-***@lists.sourceforge.net>
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp
Post by AR
I block ICMP on my OpenVPN server and have no issues. I also have to use
TCP for my VPN connection. Though I use my VPN server for DNS, it looks
like you are using external DNS servers, not sure if this will make a
difference?
fragment 1300
mssfix
sndbuf 204800
rcvbuf 204800
Your streaming server is not also you OpenVPN server is it? Not sure if
it would matter but if it is, you may need robust hardware?
My streaming server is another server within my network.
Not sure if I helped? Just wanted to share my experience.
Post by J Webster
I can take them out but I was advised to put them in as when I didn't
have
them I was getting video playback errors.
Is there any chance that ICMP block rules in my firewall could cause
some
Post by AR
Post by J Webster
of
these issues?
--------------------------------------------------------------------------
----
This SF.net Dev2Dev email is sponsored by:

Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
Jan Just Keijser
2010-09-08 06:59:10 UTC
Permalink
Hi Russell,
Post by o***@rkmorris.us
Hi,
I was doing some testing with iperf, and found that changing the TCP
Window size can have a significant impact (~ 5-10x). Have you tried this?
I did see the same as you - MTU doesn't seem to have an impact.
which TCP window size are you talking about? the operating system window
size? or is there a related openvpn parameter (that I do not know of) ?
which values did you try?

thx,

JJK
Post by o***@rkmorris.us
-----Original Message-----
Sent: Tuesday, September 07, 2010 9:26 AM
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp
I did try some MTU setting before of 1400, 1460, 1300 and the difference
was
minimal.
Not sure what else to try or how to troubleshoot. I suppose I could follow
the traffic but not sure if it would help resolve the throttling issue?
--------------------------------------------------
Sent: Sunday, September 05, 2010 5:28 PM
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp
Post by AR
I block ICMP on my OpenVPN server and have no issues. I also have to use
TCP for my VPN connection. Though I use my VPN server for DNS, it looks
like you are using external DNS servers, not sure if this will make a
difference?
fragment 1300
mssfix
sndbuf 204800
rcvbuf 204800
Your streaming server is not also you OpenVPN server is it? Not sure if
it would matter but if it is, you may need robust hardware?
My streaming server is another server within my network.
Not sure if I helped? Just wanted to share my experience.
Post by J Webster
I can take them out but I was advised to put them in as when I didn't
have
them I was getting video playback errors.
Is there any chance that ICMP block rules in my firewall could cause
some
Post by AR
Post by J Webster
of
these issues?
o***@rkmorris.us
2010-09-08 13:25:13 UTC
Permalink
Hi,
Sorry, I have to admit - I'm not quite sure how iperf is using this parameter (and what it is actually changing). I simply changed it via jperf, and found that it had a substantial impact on performance ... so likely worth digging in to, so we can understand this a bit better (as it's the first change I've seen that had such an impact) ... agreed?
I figured I'd at least let folks know about this, as it may help us in this hunt ... :-).
Thanks!
... Russell
Post by Jan Just Keijser
Hi Russell,
Post by o***@rkmorris.us
Hi,
I was doing some testing with iperf, and found that changing the TCP
Window size can have a significant impact (~ 5-10x). Have you tried this?
I did see the same as you - MTU doesn't seem to have an impact.
which TCP window size are you talking about? the operating system window
size? or is there a related openvpn parameter (that I do not know of) ?
which values did you try?
thx,
JJK
Post by o***@rkmorris.us
-----Original Message-----
Sent: Tuesday, September 07, 2010 9:26 AM
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp
I did try some MTU setting before of 1400, 1460, 1300 and the difference
was
minimal.
Not sure what else to try or how to troubleshoot. I suppose I could follow
the traffic but not sure if it would help resolve the throttling issue?
--------------------------------------------------
Sent: Sunday, September 05, 2010 5:28 PM
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp
Post by AR
I block ICMP on my OpenVPN server and have no issues. I also have to use
TCP for my VPN connection. Though I use my VPN server for DNS, it looks
like you are using external DNS servers, not sure if this will make a
difference?
fragment 1300
mssfix
sndbuf 204800
rcvbuf 204800
Your streaming server is not also you OpenVPN server is it? Not sure if
it would matter but if it is, you may need robust hardware?
My streaming server is another server within my network.
Not sure if I helped? Just wanted to share my experience.
Post by J Webster
I can take them out but I was advised to put them in as when I didn't
have
them I was getting video playback errors.
Is there any chance that ICMP block rules in my firewall could cause
some
Post by AR
Post by J Webster
of
these issues?
J Webster
2010-09-08 16:19:33 UTC
Permalink
Richard Munger
2010-09-08 17:32:27 UTC
Permalink
Russell,

Did you change TCP Window Size for Server, client, or both?

Rick



From: ***@rkmorris.us [mailto:***@rkmorris.us]
Sent: Tuesday, September 07, 2010 8:28 PM
To: J Webster; AR; openvpn-***@lists.sourceforge.net
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp





Hi,

I was doing some testing with iperf, and found that changing the TCP
Window size can have a significant impact (~ 5-10x). Have you tried this?

I did see the same as you - MTU doesn't seem to have an impact.

... Russell



-----Original Message-----
From: J Webster [***@hotmail.com]
Sent: Tuesday, September 07, 2010 9:26 AM
To: AR; <mailto:%20openvpn-***@lists.sourceforge.net>
openvpn-***@lists.sourceforge.net
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp

I did try some MTU setting before of 1400, 1460, 1300 and the difference
was
minimal.
Not sure what else to try or how to troubleshoot. I suppose I could follow

the traffic but not sure if it would help resolve the throttling issue?

--------------------------------------------------
From: "AR" <***@hotmail.com>
Sent: Sunday, September 05, 2010 5:28 PM
To: "J Webster" <***@hotmail.com>
Cc: <openvpn-***@lists.sourceforge.net>
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp
Post by AR
I block ICMP on my OpenVPN server and have no issues. I also have to use
TCP for my VPN connection. Though I use my VPN server for DNS, it looks
like you are using external DNS servers, not sure if this will make a
difference?
fragment 1300
mssfix
sndbuf 204800
rcvbuf 204800
Your streaming server is not also you OpenVPN server is it? Not sure if
it would matter but if it is, you may need robust hardware?
My streaming server is another server within my network.
Not sure if I helped? Just wanted to share my experience.
Post by J Webster
I can take them out but I was advised to put them in as when I didn't
have
them I was getting video playback errors.
Is there any chance that ICMP block rules in my firewall could cause
some
Post by AR
Post by J Webster
of
these issues?
--------------------------------------------------------------------------
----
This SF.net Dev2Dev email is sponsored by:

Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
=20
1970-01-01 00:00:00 UTC
Permalink
This is a multi-part message in MIME format.

------=_NextPart_000_00F8_01CB4F50.1830F230
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I have tried by adding these lines to the iptables script and restarted it:
-A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1460
-A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

However, the stuttering still occurs on the VPN server.

I think I have already done the TCP stack changes but do not really understand why that should make a massive difference. Not only that, but once you get into editing registry entries, it's beyond the capabilities of most client users.
Do you have any suggested values for the stack?


From: ***@rkmorris.us
Sent: Tuesday, September 07, 2010 8:28 PM
To: J Webster ; AR ; openvpn-***@lists.sourceforge.net
Subject: RE: [Openvpn-users] Bandwidth reduced on VPN udp




Hi,

I was doing some testing with iperf, and found that changing the TCP
Window size can have a significant impact (~ 5-10x). Have you tried this?

I did see the same as you - MTU doesn't seem to have an impact.

... Russell


------=_NextPart_000_00F8_01CB4F50.1830F230
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=text/html;charset=iso-8859-1 http-equiv=Content-Type>
<STYLE id=axi-htmleditor-style type=text/css>p { margin: 0px; }</STYLE>

<META name=GENERATOR content="MSHTML 8.00.6001.18939"></HEAD>
<BODY
style="BACKGROUND-IMAGE: none; PADDING-LEFT: 10px; BACKGROUND-ATTACHMENT: fixed; PADDING-RIGHT: 10px; BACKGROUND-REPEAT: repeat; FONT-FAMILY: Arial; FONT-SIZE: 10pt; PADDING-TOP: 15px"
id=MailContainerBody leftMargin=0 topMargin=0 CanvasTabStop="true"
name="Compose message area">
<DIV>I have tried by adding these lines to the iptables script and restarted
it:<BR>-A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS
--set-mss 1460<BR>-A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN
-j TCPMSS --clamp-mss-to-pmtu</DIV>
<DIV>&nbsp;</DIV>
<DIV>However, the stuttering still occurs on the VPN server.<BR></DIV>
<DIV>I think I have already done the TCP stack changes&nbsp;but do not really
understand&nbsp;why that should make a massive difference. Not only that, but
once you get into editing registry entries, it's beyond the capabilities of most
client users.</DIV>
<DIV>Do you have any suggested values for the stack?</DIV>
<DIV style="FONT: 10pt Tahoma">
<DIV><BR></DIV>
<DIV style="BACKGROUND: #f5f5f5">
<DIV style="font-color: black"><B>From:</B> <A
title="mailto:***@rkmorris.us&#10;CTRL + Click to follow link"
href="mailto:***@rkmorris.us">***@rkmorris.us</A> </DIV>
<DIV><B>Sent:</B> Tuesday, September 07, 2010 8:28 PM</DIV>
<DIV><B>To:</B> <A title=***@hotmail.com
href="mailto:***@hotmail.com">J Webster</A> ; <A
title=***@hotmail.com href="mailto:***@hotmail.com">AR</A> ; <A
title="mailto:openvpn-***@lists.sourceforge.net&#10;CTRL + Click to follow link"
href="mailto:openvpn-***@lists.sourceforge.net">openvpn-***@lists.sourceforge.net</A>
</DIV>
<DIV><B>Subject:</B> RE: [Openvpn-users] Bandwidth reduced on VPN
udp</DIV></DIV></DIV>
<DIV><BR></DIV><BR>
<DIV style="FONT-FAMILY: Arial; FONT-SIZE: 10pt">Hi,<BR><BR>I was doing some
testing with iperf, and found that changing the TCP<BR>Window size can have a
significant impact (~ 5-10x). Have you tried this?<BR><BR>I did see the same as
you - MTU doesn't seem to have an impact.<BR><BR>...
Russell<BR><BR></DIV></BODY></HTML>

------=_NextPart_000_00F8_01CB4F50.1830F230--
o***@rkmorris.us
2010-09-08 19:09:44 UTC
Permalink
* 1024x768
*
* 110 Clean false false false EN-US ZH-CN AR-SA MicrosoftInternetExplorer4

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman","serif";} HiRick,

Ichanged it on the client (only) – not sure if the parameter being changed in iperf changes any settings on the server or not (when theclient connects).


Russell



From: Richard Munger [mailto:***@eigercreative.com]
Sent: Wednesday, September 08, 2010 12:32 PM
To: ***@rkmorris.us; 'J Webster'; 'AR';openvpn-***@lists.sourceforge.net
Subject: RE: [Openvpn-users] Bandwidth reduced on VPN udp

Russell,
Did you change TCP WindowSize for Server, client, or both?
Rick

From: ***@rkmorris.us[mailto:***@rkmorris.us]
Sent: Tuesday, September 07, 2010 8:28 PM
To: J Webster; AR; openvpn-***@lists.sourceforge.net
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp


Hi,

I was doing some testing with iperf, and found that changing the TCP
Window size can have a significant impact (~ 5-10x). Have you tried this?

I did see the same as you - MTU doesn't seem to have an impact.

... Russell



-----Original Message-----
From: J Webster [***@hotmail.com]
Sent: Tuesday, September 07, 2010 9:26 AM
To: AR;openvpn-***@lists.sourceforge.net
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp

I did try some MTU setting before of 1400, 1460, 1300 and the difference
was
minimal.
Not sure what else to try or how to troubleshoot. I suppose I could follow

the traffic but not sure if it would help resolve the throttling issue?

--------------------------------------------------
From: "AR" <***@hotmail.com>
Sent: Sunday, September 05, 2010 5:28 PM
To: "J Webster" <***@hotmail.com>
Cc: <openvpn-***@lists.sourceforge.net>
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp
Post by AR
I block ICMP on my OpenVPN server and have no issues. I also have to use
TCP for my VPN connection. Though I use my VPN server for DNS, it looks
like you are using external DNS servers, not sure if this will make a
difference?
fragment 1300
mssfix
sndbuf 204800
rcvbuf 204800
Your streaming server is not also you OpenVPN server is it? Not sure if
it would matter but if it is, you may need robust hardware?
My streaming server is another server within my network.
Not sure if I helped? Just wanted to share my experience.
Post by J Webster
I can take them out but I was advised to put them in as when I didn't
have
them I was getting video playback errors.
Is there any chance that ICMP block rules in my firewall could cause
some
Post by AR
Post by J Webster
of
these issues?
--------------------------------------------------------------------------
----
This SF.net Dev2Dev email is sponsored by:

Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
J
2010-09-08 23:42:04 UTC
Permalink
Folks, I made a change to my openvpn server last week, the network should always have been 10.0.18.0, but type-o and I made it 10.0.8.0. I had been working just fine for months, with 10.0.8.0 network, When I made the change I started getting the following error and my two clients can not connect. I am using pfsense as my server and it has worked flawlessly except for some initial (run the client as admin issues when I did the initial install).



Can anyone tell what the code 4 error is or if it is causing the sighup ?



Any input welcome , and thank you.



Server Error

Sep 8 18:11:18 openvpn[525]: OpenVPN 2.0.6 i386-portbld-freebsd7.2 [SSL] [LZO] built on Aug 13 2009

Sep 8 18:11:18 openvpn[525]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible

Sep 8 18:11:18 openvpn[525]: gw 75.74.12.1

Sep 8 18:11:18 openvpn[525]: TUN/TAP device /dev/tun0 opened

Sep 8 18:11:18 openvpn[525]: /sbin/ifconfig tun0 10.0.18.1 10.0.18.2 mtu 1500 netmask 255.255.255.255 up
Sep 8 18:11:18 openvpn[525]: /etc/rc.filter_configure tun0 1500 1542 10.0.18.1 10.0.18.2 init

Sep 8 18:11:21 openvpn[534]: UDPv4 link local (bound): [undef]:1194

Sep 8 18:11:21 openvpn[534]: UDPv4 link remote: [undef]

Sep 8 18:11:21 openvpn[534]: Initialization Sequence Completed

Sep 8 18:11:21 openvpn[534]: Need IPv6 code in mroute_extract_addr_from_packet

Sep 8 18:11:59 openvpn[534]: event_wait : Interrupted system call (code=4)
Sep 8 18:11:59 openvpn[534]: /etc/rc.filter_configure tun0 1500 1542 10.0.18.1 10.0.18.2 init

Sep 8 18:12:04 openvpn[534]: SIGHUP[hard,] received, process restarting



Client 2 Log and Config

___________________________________________________________________________________________________________________________________________________



Wed Sep 08 17:39:31 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009

Wed Sep 08 17:39:31 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

Wed Sep 08 17:39:31 2010 LZO compression initialized

Wed Sep 08 17:39:31 2010 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]

Wed Sep 08 17:39:31 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]

Wed Sep 08 17:39:31 2010 Local Options hash (VER=V4): '41690919'

Wed Sep 08 17:39:31 2010 Expected Remote Options hash (VER=V4): '530fdded'

Wed Sep 08 17:39:31 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]

Wed Sep 08 17:39:31 2010 UDPv4 link local: [undef]

Wed Sep 08 17:39:31 2010 UDPv4 link remote: 5.3.13.18:1194

Wed Sep 08 17:40:31 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Wed Sep 08 17:40:31 2010 TLS Error: TLS handshake failed

Wed Sep 08 17:40:31 2010 TCP/UDP: Closing socket

Wed Sep 08 17:40:31 2010 SIGUSR1[soft,tls-error] received, process restarting

Wed Sep 08 17:40:31 2010 Restart pause, 2 second(s)



Client Config File ------------

float

client

dev tun

proto udp

remote my.openvpn.org 1194

resolv-retry infinite

nobind

persist-key

persist-tun



ca ca.crt

cert client1.crt

key client1.key



ns-cert-type server

comp-lzo

verb 3

route-method exe





Client 2 Log

Wed Sep 08 18:32:03 2010 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006

Wed Sep 08 18:32:03 2010 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.

Wed Sep 08 18:32:03 2010 LZO compression initialized

Wed Sep 08 18:32:03 2010 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]

Wed Sep 08 18:32:03 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]

Wed Sep 08 18:32:03 2010 Local Options hash (VER=V4): '41690919'

Wed Sep 08 18:32:03 2010 Expected Remote Options hash (VER=V4): '530fdded'

Wed Sep 08 18:32:03 2010 UDPv4 link local: [undef]

Wed Sep 08 18:32:03 2010 UDPv4 link remote: 5.3.13.18:1194 <http://65.3.163.118:1194>

Wed Sep 08 18:33:03 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Wed Sep 08 18:33:03 2010 TLS Error: TLS handshake failed

Wed Sep 08 18:33:03 2010 TCP/UDP: Closing socket

Wed Sep 08 18:33:03 2010 SIGUSR1[soft,tls-error] received, process restarting

Wed Sep 08 18:33:03 2010 Restart pause, 2 second(s)



float

client

dev tun

proto udp

remote my.openvpn.org 1194

resolv-retry infinite

nobind

persist-key

persist-tun

ca ca.crt

cert client2.crt

key client2.key

ns-cert-type server

comp-lzo

verb 3

route-method exe
Samuli Seppänen
2010-09-09 07:04:40 UTC
Permalink
Hi Russell,

What iperf command line did you use on the client and server?

Samuli
Hi Rick,
I changed it on the client (only) – not sure if the parameter being
changed in iperf changes any settings on the server or not (when the
client connects).
… Russell
*Sent:* Wednesday, September 08, 2010 12:32 PM
*Subject:* RE: [Openvpn-users] Bandwidth reduced on VPN udp
Russell,
Did you change TCP Window Size for Server, client, or both?
Rick
*Sent:* Tuesday, September 07, 2010 8:28 PM
*Subject:* Re: [Openvpn-users] Bandwidth reduced on VPN udp
Hi,
I was doing some testing with iperf, and found that changing the TCP
Window size can have a significant impact (~ 5-10x). Have you tried this?
I did see the same as you - MTU doesn't seem to have an impact.
... Russell
-----Original Message-----
Sent: Tuesday, September 07, 2010 9:26 AM
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp
I did try some MTU setting before of 1400, 1460, 1300 and the difference
was
minimal.
Not sure what else to try or how to troubleshoot. I suppose I could follow
the traffic but not sure if it would help resolve the throttling issue?
--------------------------------------------------
Sent: Sunday, September 05, 2010 5:28 PM
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp
Post by AR
I block ICMP on my OpenVPN server and have no issues. I also have to use
TCP for my VPN connection. Though I use my VPN server for DNS, it looks
like you are using external DNS servers, not sure if this will make a
difference?
fragment 1300
mssfix
sndbuf 204800
rcvbuf 204800
Your streaming server is not also you OpenVPN server is it? Not sure if
it would matter but if it is, you may need robust hardware?
My streaming server is another server within my network.
Not sure if I helped? Just wanted to share my experience.
Post by J Webster
I can take them out but I was advised to put them in as when I didn't
have
them I was getting video playback errors.
Is there any chance that ICMP block rules in my firewall could cause
some
Post by AR
Post by J Webster
of
these issues?
--------------------------------------------------------------------------
----
Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
Openvpn-users mailing list
https://lists.sourceforge.net/lists/listinfo/openvpn-users
o***@rkmorris.us
2010-09-09 23:26:23 UTC
Permalink
Hi,
The server was simply "iperf -s". On the client end it was the following (auto-generated by jperf),1) Auto TCP Window Size: iperf -c server -P 1 -i 1 -p 5001 -f k -t 102) 56K TCP Window Size: iperf -c server -P 1 -i 1 -p 5001 -w 56.0K -f k -t 10
... Russell
Post by Jan Just Keijser
Hi Russell,
What iperf command line did you use on the client and server?
Samuli
Hi Rick,
I changed it on the client (only) – not sure if the parameter being
changed in iperf changes any settings on the server or not (when the
client connects).

 Russell
*Sent:* Wednesday, September 08, 2010 12:32 PM
*Subject:* RE: [Openvpn-users] Bandwidth reduced on VPN udp
Russell,
Did you change TCP Window Size for Server, client, or both?
Rick
*Sent:* Tuesday, September 07, 2010 8:28 PM
*Subject:* Re: [Openvpn-users] Bandwidth reduced on VPN udp
Hi,
I was doing some testing with iperf, and found that changing the TCP
Window size can have a significant impact (~ 5-10x). Have you tried this?
I did see the same as you - MTU doesn't seem to have an impact.
... Russell
-----Original Message-----
Sent: Tuesday, September 07, 2010 9:26 AM
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp
I did try some MTU setting before of 1400, 1460, 1300 and the difference
was
minimal.
Not sure what else to try or how to troubleshoot. I suppose I could follow
the traffic but not sure if it would help resolve the throttling issue?
--------------------------------------------------
Sent: Sunday, September 05, 2010 5:28 PM
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp
Post by AR
I block ICMP on my OpenVPN server and have no issues. I also have to use
TCP for my VPN connection. Though I use my VPN server for DNS, it looks
like you are using external DNS servers, not sure if this will make a
difference?
fragment 1300
mssfix
sndbuf 204800
rcvbuf 204800
Your streaming server is not also you OpenVPN server is it? Not sure if
it would matter but if it is, you may need robust hardware?
My streaming server is another server within my network.
Not sure if I helped? Just wanted to share my experience.
Post by J Webster
I can take them out but I was advised to put them in as when I didn't
have
them I was getting video playback errors.
Is there any chance that ICMP block rules in my firewall could cause
some
Post by AR
Post by J Webster
of
these issues?
--------------------------------------------------------------------------
----
Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
Openvpn-users mailing list
https://lists.sourceforge.net/lists/listinfo/openvpn-users
------------------------------------------------------------------------------
Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
Openvpn-users mailing list
https://lists.sourceforge.net/lists/listinfo/openvpn-users
J Webster
2010-09-10 00:33:18 UTC
Permalink
Just to throw a spanner in the works...what would you do on a windows client?


From: ***@rkmorris.us
Sent: Thursday, September 09, 2010 7:26 PM
To: Samuli SeppÀnen
Cc: openvpn-***@lists.sourceforge.net
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp


Hi,


The server was simply "iperf -s". On the client end it was the following (auto-generated by jperf),
1) Auto TCP Window Size: iperf -c server -P 1 -i 1 -p 5001 -f k -t 10
2) 56K TCP Window Size: iperf -c server -P 1 -i 1 -p 5001 -w 56.0K -f k -t 10


... Russell





On Thu, Sep 9, 2010 02:04 AM, Samuli SeppÀnen <***@openvpn.net> wrote:

Hi Russell,

What iperf command line did you use on the client and server?

Samuli
Hi Rick,
I changed it on the client (only) – not sure if the parameter being
changed in iperf changes any settings on the server or not (when the
client connects).

 Russell
*Sent:* Wednesday, September 08, 2010 12:32 PM
*Subject:* RE: [Openvpn-users] Bandwidth reduced on VPN udp
Russell,
Did you change TCP Window Size for Server, client, or both?
Rick
*Sent:* Tuesday, September 07, 2010 8:28 PM
*Subject:* Re: [Openvpn-users] Bandwidth reduced on VPN udp
Hi,
I was doing some testing with iperf, and found that changing the TCP
Window size can have a significant impact (~ 5-10x). Have you tried this?
I did see the same as you - MTU doesn't seem to have an impact.
... Russell
-----Original Message-----
Sent: Tuesday, September 07, 2010 9:26 AM
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp
I did try some MTU setting before of 1400, 1460, 1300 and the difference
was
minimal.
Not sure what else to try or how to troubleshoot. I suppose I could follow
the traffic but not sure if it would help resolve the throttling issue?
--------------------------------------------------
Sent: Sunday, September 05, 2010 5:28 PM
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp
Post by AR
I block ICMP on my OpenVPN server and have no issues. I also have to use
TCP for my VPN connection. Though I use my VPN server for DNS, it looks
like you are using external DNS servers, not sure if this will make a
difference?
fragment 1300
mssfix
sndbuf 204800
rcvbuf 204800
Your streaming server is not also you OpenVPN server is it? Not sure if
it would matter but if it is, you may need robust hardware?
My streaming server is another server within my network.
Not sure if I helped? Just wanted to share my experience.
Post by J Webster
I can take them out but I was advised to put them in as when I didn't
have
them I was getting video playback errors.
Is there any chance that ICMP block rules in my firewall could cause
some
Post by AR
Post by J Webster
of
these issues?
--------------------------------------------------------------------------
----
Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
Openvpn-users mailing list
https://lists.sourceforge.net/lists/listinfo/openvpn-users
------------------------------------------------------------------------------
This SF.net Dev2Dev email is sponsored by:

Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
Openvpn-users mailing list
Openvpn-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users



--------------------------------------------------------------------------------


------------------------------------------------------------------------------
Automate Storage Tiering Simply
Optimize IT performance and efficiency through flexible, powerful,
automated storage tiering capabilities. View this brief to learn how
you can reduce costs and improve performance.
http://p.sf.net/sfu/dell-sfdev2dev


--------------------------------------------------------------------------------
o***@rkmorris.us
2010-09-10 00:49:00 UTC
Permalink
Hi,
Sorry, I should have clarified - this is a Windows client, connected to a Linux server.
... Russell
Post by J Webster
Just to throw a spanner in the works...what would you do on a windows client?
Hi,
The server was simply "iperf -s". On the client end it was the following (auto-generated by jperf),1) Auto TCP Window Size: iperf -c server -P 1 -i 1 -p 5001 -f k -t 102) 56K TCP Window Size: iperf -c server -P 1 -i 1 -p 5001 -w 56.0K -f k -t 10
... Russell
Post by Jan Just Keijser
Hi Russell,
What iperf command line did you use on the client and server?
Samuli
Post by Jan Just Keijser
Hi Rick,
I changed it on the client (only) – not sure if the parameter being
changed in iperf changes any settings on the server or not (when the
client connects).

 Russell
*Sent:* Wednesday, September 08, 2010 12:32 PM
*Subject:* RE: [Openvpn-users] Bandwidth reduced on VPN udp
Russell,
Did you change TCP Window Size for Server, client, or both?
Rick
*Sent:* Tuesday, September 07, 2010 8:28 PM
*Subject:* Re: [Openvpn-users] Bandwidth reduced on VPN udp
Hi,
I was doing some testing with iperf, and found that changing the TCP
Window size can have a significant impact (~ 5-10x). Have you tried this?
I did see the same as you - MTU doesn't seem to have an impact.
... Russell
-----Original Message-----
Sent: Tuesday, September 07, 2010 9:26 AM
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp
I did try some MTU setting before of 1400, 1460, 1300 and the difference
was
minimal.
Not sure what else to try or how to troubleshoot. I suppose I could follow
the traffic but not sure if it would help resolve the throttling issue?
--------------------------------------------------
Sent: Sunday, September 05, 2010 5:28 PM
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp
I block ICMP on my OpenVPN server and have no issues. I also have to use
TCP for my VPN connection. Though I use my VPN server for DNS, it looks
like you are using external DNS servers, not sure if this will make a
difference?
fragment 1300
mssfix
sndbuf 204800
rcvbuf 204800
Your streaming server is not also you OpenVPN server is it? Not sure if
it would matter but if it is, you may need robust hardware?
My streaming server is another server within my network.
Not sure if I helped? Just wanted to share my experience.
I can take them out but I was advised to put them in as when I didn't
have
them I was getting video playback errors.
Is there any chance that ICMP block rules in my firewall could cause
some
of
these issues?
--------------------------------------------------------------------------
----
Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
Openvpn-users mailing list
https://lists.sourceforge.net/lists/listinfo/openvpn-users
------------------------------------------------------------------------------
Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
Openvpn-users mailing list
https://lists.sourceforge.net/lists/listinfo/openvpn-users
J Webster
2010-09-10 01:03:54 UTC
Permalink
So, iperf has to be running on the Windows client, ie an extra install to go with the VPN client before testing?


From: ***@rkmorris.us
Sent: Thursday, September 09, 2010 8:49 PM
To: J Webster
Cc: Samuli SeppÀnen ; openvpn-***@lists.sourceforge.net
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp


Hi,


Sorry, I should have clarified - this is a Windows client, connected to a Linux server.


... Russell
Richard Munger
2010-09-10 03:38:34 UTC
Permalink
JW,

Try using TCPAnalyzer available at www.speedguide.net/analyzer.php to see where your settings are now.

Try using TCPOptimizer available at www.speedguide.net/downloads.php to tune/adjust your windows settings.



Rick



From: J Webster [mailto:***@hotmail.com]
Sent: Thursday, September 09, 2010 9:04 PM
To: ***@rkmorris.us; Samuli SeppÀnen; openvpn-***@lists.sourceforge.net
Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp



So, iperf has to be running on the Windows client, ie an extra install to go with the VPN client before testing?



From: ***@rkmorris.us

Sent: Thursday, September 09, 2010 8:49 PM

To: J Webster <mailto:***@hotmail.com>

Cc: Samuli SeppÀnen <mailto:***@openvpn.net> ; openvpn-***@lists.sourceforge.net

Subject: Re: [Openvpn-users] Bandwidth reduced on VPN udp



Hi,



Sorry, I should have clarified - this is a Windows client, connected to a Linux server.



... Russell
o***@rkmorris.us
2010-09-10 19:19:52 UTC
Permalink
Hi,
Nope, no real install on the Windows Client - just download and run jperf (http://code.google.com/p/xjperf/). iperf is included in this download also.
... Russell
Post by J Webster
So, iperf has to be running on the Windows client, ie an extra install to go with the VPN client before testing?
Hi,
Sorry, I should have clarified - this is a Windows client, connected to a Linux server.
... Russell
Loading...