[TriLUG] OpenVPN

Brian Henning lugmail at cheetah.dynip.com
Fri Jul 28 07:48:21 EDT 2006


That's the one.  So yeah, I was really having that problem...

~B

> -----Original Message-----
> From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org]On
> Behalf Of Chris Knowles
> Sent: Friday, July 28, 2006 5:45 AM
> To: Triangle Linux Users Group discussion list
> Subject: RE: [TriLUG] OpenVPN
>
>
> Ah... referring to this entry I hope...
> "
> I can ping through the tunnel, but any real work causes it to lock up.
> Is this an MTU problem?
> Probably. It's best to change the mssfix parameter rather than directly
> changing the MTU of the TUN/TAP adapter. For example:
>
>
>         mssfix 1200
> "
>
> Is anyone else actually having this problem?  Because I'm really not...
>
> Can anyone tell me if I need to be looking at this when I roll out to
> more than the 2 people who are using it right now?
>
> CJK
>
> On Thu, 2006-07-27 at 22:31 -0400, Brian Henning wrote:
> > Well, obviously I'm not the expert, which is why it seems a bit like
> > 'expert' settings to me..  But anyway, what I would experience (and it's
> > mentioned in the OpenVPN FAQ) is that high-traffic apps would
> cause the VPN
> > tunnel to hang after a short period.  (Perhaps "high traffic"
> is a bad term;
> > large-packet-size at least) Reducing the... something or other,
> mta I think
> > (I don't have the config in front of me) from 1500 to something
> like 1400
> > (as advised in the FAQ) cleared the problem up.  Again, I don't
> purport to
> > really understand that aspect of networking to begin with, but
> I would wager
> > it has something to do with whether packets get fragmented
> before or after
> > encapsulation, and that post-encapsulation fragmentation can
> cause the VPN
> > to hang.
> >
> > I'm not accusing anyone of hallucinating..  Maybe I should have
> said "I had
> > to..." instead of "you have to..."
> >
> > ~B
> >
> >
> >
> > > -----Original Message-----
> > > From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org]On
> > > Behalf Of Chris Knowles
> > > Sent: Thursday, July 27, 2006 9:20 PM
> > > To: Triangle Linux Users Group discussion list
> > > Subject: Re: [TriLUG] OpenVPN
> > >
> > >
> > > Really?  you do?  Huh, then I'm hallucinating again.
> > >
> > > What 'expert' twiddling do you recommend, and for what
> specific reason?
> > >
> > > CJK
> > >
> > > On Thu, 2006-07-27 at 17:29 -0400, Brian Henning wrote:
> > > > So far it's worked like a champ for me, though you have to do some
> > > > "expert" twiddling with mtu and other fragmentation settings before
> > > > it'll sail smoothly with high-traffic apps like remote desktop.
> > > > Definitely worth your time to investigate.  Feel free to pose any
> > > > specific questions you might have.
> > > >
> > > > ~B
> > > >
> > > > Eric H Christensen wrote:
> > > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > > Hash: SHA1
> > > > >
> > > > > My hope was to use OpenVPN on my laptop to create a
> secure connection
> > > > > back to my home network when I'm out on the road.  I've seen
> > > Free S/WAN
> > > > > used in such a manner but was looking at a different solution
> > > to compare
> > > > > and contrast before implementing a solution.
> > > > >
> > > > > Eric
> > > > >
> > > > >
> > > > > Brian Henning wrote:
> > > > >> Remote users of what?  I'm funneling SIP calls over OpenVPN,
> > > as well as
> > > > >> a couple TCP connections made by a proprietary product.
> > > > >>
> > > > >> ~Brian
> > > > >>
> > > > >> Eric H Christensen wrote:
> > > > >> Anyone using OpenVPN for remote users?
> > > > >>
> > > > >> Eric
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >
> > > > > -----BEGIN PGP SIGNATURE-----
> > > > > Version: GnuPG v1.4.3 (MingW32)
> > > > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> > > > >
> > > > > iD8DBQFEyTCtQ6BPgKVM2YgRAuc0AJ9JS5QnkMPj4o0FkpaSELfI1bMDGgCfUDnB
> > > > > Ll+kQjfeUpBLPXepIuyP4uI=
> > > > > =bo6k
> > > > > -----END PGP SIGNATURE-----
> > > > >
> > > >
> > > > --
> > > > ----------------
> > > > Brian A. Henning
> > > > strutmasters.com
> > > > 336.597.2397x238
> > > > ----------------
> > >
> > > --
> > > TriLUG mailing list        :
> http://www.trilug.org/mailman/listinfo/trilug
> > > TriLUG Organizational FAQ  : http://trilug.org/faq/
> > > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> > >
> >
> >
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>





More information about the TriLUG mailing list