[TriLUG] OpenVPN

Brian Henning lugmail at cheetah.dynip.com
Thu Jul 27 22:31:52 EDT 2006


Well, obviously I'm not the expert, which is why it seems a bit like
'expert' settings to me..  But anyway, what I would experience (and it's
mentioned in the OpenVPN FAQ) is that high-traffic apps would cause the VPN
tunnel to hang after a short period.  (Perhaps "high traffic" is a bad term;
large-packet-size at least) Reducing the... something or other, mta I think
(I don't have the config in front of me) from 1500 to something like 1400
(as advised in the FAQ) cleared the problem up.  Again, I don't purport to
really understand that aspect of networking to begin with, but I would wager
it has something to do with whether packets get fragmented before or after
encapsulation, and that post-encapsulation fragmentation can cause the VPN
to hang.

I'm not accusing anyone of hallucinating..  Maybe I should have said "I had
to..." instead of "you have to..."

~B



> -----Original Message-----
> From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org]On
> Behalf Of Chris Knowles
> Sent: Thursday, July 27, 2006 9:20 PM
> To: Triangle Linux Users Group discussion list
> Subject: Re: [TriLUG] OpenVPN
>
>
> Really?  you do?  Huh, then I'm hallucinating again.
>
> What 'expert' twiddling do you recommend, and for what specific reason?
>
> CJK
>
> On Thu, 2006-07-27 at 17:29 -0400, Brian Henning wrote:
> > So far it's worked like a champ for me, though you have to do some
> > "expert" twiddling with mtu and other fragmentation settings before
> > it'll sail smoothly with high-traffic apps like remote desktop.
> > Definitely worth your time to investigate.  Feel free to pose any
> > specific questions you might have.
> >
> > ~B
> >
> > Eric H Christensen wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > My hope was to use OpenVPN on my laptop to create a secure connection
> > > back to my home network when I'm out on the road.  I've seen
> Free S/WAN
> > > used in such a manner but was looking at a different solution
> to compare
> > > and contrast before implementing a solution.
> > >
> > > Eric
> > >
> > >
> > > Brian Henning wrote:
> > >> Remote users of what?  I'm funneling SIP calls over OpenVPN,
> as well as
> > >> a couple TCP connections made by a proprietary product.
> > >>
> > >> ~Brian
> > >>
> > >> Eric H Christensen wrote:
> > >> Anyone using OpenVPN for remote users?
> > >>
> > >> Eric
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.4.3 (MingW32)
> > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> > >
> > > iD8DBQFEyTCtQ6BPgKVM2YgRAuc0AJ9JS5QnkMPj4o0FkpaSELfI1bMDGgCfUDnB
> > > Ll+kQjfeUpBLPXepIuyP4uI=
> > > =bo6k
> > > -----END PGP SIGNATURE-----
> > >
> >
> > --
> > ----------------
> > Brian A. Henning
> > strutmasters.com
> > 336.597.2397x238
> > ----------------
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>





More information about the TriLUG mailing list