[TriLUG] OpenVPN
Chris Knowles
chrisk at trilug.org
Fri Jul 28 05:44:36 EDT 2006
Ah... referring to this entry I hope...
"
I can ping through the tunnel, but any real work causes it to lock up.
Is this an MTU problem?
Probably. It's best to change the mssfix parameter rather than directly
changing the MTU of the TUN/TAP adapter. For example:
mssfix 1200
"
Is anyone else actually having this problem? Because I'm really not...
Can anyone tell me if I need to be looking at this when I roll out to
more than the 2 people who are using it right now?
CJK
On Thu, 2006-07-27 at 22:31 -0400, Brian Henning wrote:
> Well, obviously I'm not the expert, which is why it seems a bit like
> 'expert' settings to me.. But anyway, what I would experience (and it's
> mentioned in the OpenVPN FAQ) is that high-traffic apps would cause the VPN
> tunnel to hang after a short period. (Perhaps "high traffic" is a bad term;
> large-packet-size at least) Reducing the... something or other, mta I think
> (I don't have the config in front of me) from 1500 to something like 1400
> (as advised in the FAQ) cleared the problem up. Again, I don't purport to
> really understand that aspect of networking to begin with, but I would wager
> it has something to do with whether packets get fragmented before or after
> encapsulation, and that post-encapsulation fragmentation can cause the VPN
> to hang.
>
> I'm not accusing anyone of hallucinating.. Maybe I should have said "I had
> to..." instead of "you have to..."
>
> ~B
>
>
>
> > -----Original Message-----
> > From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org]On
> > Behalf Of Chris Knowles
> > Sent: Thursday, July 27, 2006 9:20 PM
> > To: Triangle Linux Users Group discussion list
> > Subject: Re: [TriLUG] OpenVPN
> >
> >
> > Really? you do? Huh, then I'm hallucinating again.
> >
> > What 'expert' twiddling do you recommend, and for what specific reason?
> >
> > CJK
> >
> > On Thu, 2006-07-27 at 17:29 -0400, Brian Henning wrote:
> > > So far it's worked like a champ for me, though you have to do some
> > > "expert" twiddling with mtu and other fragmentation settings before
> > > it'll sail smoothly with high-traffic apps like remote desktop.
> > > Definitely worth your time to investigate. Feel free to pose any
> > > specific questions you might have.
> > >
> > > ~B
> > >
> > > Eric H Christensen wrote:
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > Hash: SHA1
> > > >
> > > > My hope was to use OpenVPN on my laptop to create a secure connection
> > > > back to my home network when I'm out on the road. I've seen
> > Free S/WAN
> > > > used in such a manner but was looking at a different solution
> > to compare
> > > > and contrast before implementing a solution.
> > > >
> > > > Eric
> > > >
> > > >
> > > > Brian Henning wrote:
> > > >> Remote users of what? I'm funneling SIP calls over OpenVPN,
> > as well as
> > > >> a couple TCP connections made by a proprietary product.
> > > >>
> > > >> ~Brian
> > > >>
> > > >> Eric H Christensen wrote:
> > > >> Anyone using OpenVPN for remote users?
> > > >>
> > > >> Eric
> > > >>
> > > >>
> > > >>
> > > >>
> > > >>
> > > >>
> > > >>
> > > >
> > > > -----BEGIN PGP SIGNATURE-----
> > > > Version: GnuPG v1.4.3 (MingW32)
> > > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> > > >
> > > > iD8DBQFEyTCtQ6BPgKVM2YgRAuc0AJ9JS5QnkMPj4o0FkpaSELfI1bMDGgCfUDnB
> > > > Ll+kQjfeUpBLPXepIuyP4uI=
> > > > =bo6k
> > > > -----END PGP SIGNATURE-----
> > > >
> > >
> > > --
> > > ----------------
> > > Brian A. Henning
> > > strutmasters.com
> > > 336.597.2397x238
> > > ----------------
> >
> > --
> > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ : http://trilug.org/faq/
> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> >
>
>
More information about the TriLUG
mailing list