11-30-2009
VPN performance problem
This is a weird problem I've been butting my head against for days now...
I have two OpenVPN servers set up with identical configurations except for the keys. One of them is hosted in a datacenter with a large backbone, the other is hosted on my home server's limited residential internet. One of them delivers consistent topped-out performance (100 kilobytes per second) even while under network load, the other delivers at best 30 kilobytes per second when load-free. Care to guess which one is which?
You'd guess I'd get better performance on the VPS, right? Wrong! My anemic home server gets better performance and throughput than my hosting provider. This is made doubly odd by the fact that throughput to my hosting provider seems fine in any other way I've thought to test. CPU load, I/O load, network load, all of those look minimal.
They're running nearly identical systems, with the same OS (Gentoo Linux) and very similar versions of OpenVPN -- indeed, their specific support for Gentoo and OpenVPN both are reasons this provider was picked. No firewalls or bandwidth throttling is involved yet. The latency to both hosts is nearly identical (i.e. terrible. But my client's behind a sat connection, so it's to be expected.) I'm nearly out of ideas. Is it time to fire my hosting provider? Any suggestions for alternatives?
Last edited by Corona688; 11-30-2009 at 01:16 PM..
shorewall-rtrules
SHOREWALL-RTRULES(5) SHOREWALL-RTRULES(5)
NAME
rtrules - Shorewall Routing Rules file
SYNOPSIS
/etc/shorewall/rtrules
DESCRIPTION
Entries in this file cause traffic to be routed to one of the providers listed in shorewall-providers[1](5).
The columns in the file are as follows.
SOURCE (Optional) - {-|[&]interface|address|interface:address}
An IP address (network or host) that matches the source IP address in a packet. May also be specified as an interface name optionally
followed by ":" and an address. If the device lo is specified, the packet must originate from the firewall itself.
Beginning with Shorewall 4.5.0, you may specify &interface in this column to indicate that the source is the primary IP address of the
named interface.
DEST (Optional) - {-|address}
An IP address (network or host) that matches the destination IP address in a packet.
If you choose to omit either SOURCE or DEST, place "-" in that column. Note that you may not omit both SOURCE and DEST.
PROVIDER - {provider-name|provider-number|main}
The provider to route the traffic through. May be expressed either as the provider name or the provider number. May also be main or 254
for the main routing table. This can be used in combination with VPN tunnels, see example 2 below.
PRIORITY - priority
The rule's numeric priority which determines the order in which the rules are processed. Rules with equal priority are applied in the
order in which they appear in the file.
1000-1999
Before Shorewall-generated 'MARK' rules
11000-11999
After 'MARK' rules but before Shorewall-generated rules for ISP interfaces.
26000-26999
After ISP interface rules but before 'default' rule.
MARK - {-|mark[/mask]}
Optional -- added in Shorewall 4.4.25. For this rule to be applied to a packet, the packet's mark value must match the mark when
logically anded with the mask. If a mask is not supplied, Shorewall supplies a suitable provider mask.
EXAMPLES
Example 1:
You want all traffic coming in on eth1 to be routed to the ISP1 provider.
#SOURCE  DEST         PROVIDER  PRIORITY  MARK
eth1     -            ISP1      1000
Example 2:
You use OpenVPN (routed setup /tunX) in combination with multiple providers. In this case you have to set up a rule to ensure that the
OpenVPN traffic is routed back through the tunX interface(s) rather than through any of the providers. 10.8.0.0/24 is the subnet chosen
in your OpenVPN configuration (server 10.8.0.0 255.255.255.0).
#SOURCE  DEST         PROVIDER  PRIORITY  MARK
-        10.8.0.0/24  main      1000
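The column rules above can be checked mechanically before a rules file is loaded. The following is an added example, not part of Shorewall or of the original manual page: a small linter that rejects lines omitting both SOURCE and DEST, labels each rule with its documented priority band, and returns the rules in the order they would be processed. The function names, the sample file contents, the treatment of PRIORITY as required and the decimal/0x-hex mark syntax are assumptions made here.

```python
import ipaddress

# Priority bands as listed under PRIORITY in the manual page text above.
BANDS = [(1000, 1999, "before MARK rules"),
         (11000, 11999, "after MARK rules, before ISP interface rules"),
         (26000, 26999, "after ISP interface rules, before default rule")]
# Constructed sample: the page's two examples, one extra rule, two bad lines.
SAMPLE = """\
#SOURCE  DEST         PROVIDER  PRIORITY  MARK
eth1     -            ISP1      11000
-        10.8.0.0/24  main      1000
eth2     -            ISP2      1000      0x1/0xff
-        -            ISP1      1000
eth0     10.9.0.0/33  ISP1      1000
"""

def check_line(cols):
    """Return an error string for one split rule line, or None if it passes."""
    if not 4 <= len(cols) <= 5:
        return "expected SOURCE DEST PROVIDER PRIORITY [MARK]"
    src, dst, _provider, prio = cols[:4]
    if src == "-" and dst == "-":
        return "SOURCE and DEST may not both be omitted"
    if not prio.isdigit():
        return "PRIORITY must be numeric"
    try:
        if dst != "-":
            ipaddress.ip_network(dst, strict=False)  # host or network address
        if len(cols) == 5 and cols[4] != "-":
            [int(p, 0) for p in cols[4].split("/", 1)]  # assumed: decimal or 0x hex
    except ValueError:
        return "DEST or MARK is malformed"

def parse_rtrules(text):
    """Return (rules in processing order, [(line_no, error), ...])."""
    rules, errors = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not cols:
            continue
        err = check_line(cols)
        if err:
            errors.append((n, err))
            continue
        prio = int(cols[3])
        band = next((b for lo, hi, b in BANDS if lo <= prio <= hi), "outside listed bands")
        rules.append({"line": n, "dest": cols[1], "provider": cols[2], "priority": prio, "band": band})
    rules.sort(key=lambda r: r["priority"])  # stable: equal priorities keep file order
    return rules, errors
```

On the constructed sample, the OpenVPN return rule for 10.8.0.0/24 sorts ahead of the provider rules, which is the ordering Example 2 depends on.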
FILES
/etc/shorewall/rtrules
SEE ALSO
http://shorewall.net/MultiISP.html
http://shorewall.net/configuration_file_basics.htm#Pairs
shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
shorewall-zones(5)
NOTES
1. shorewall-providers
http://www.shorewall.net/manpages/shorewall-providers.html
06/28/2012 SHOREWALL-RTRULES(5)