Mark Dueck wrote:
Hi everyone,

I am troubleshooting a VPN that I'm creating between 2 businesses.  I
am not sure if it has to do with the VPN, or the actual link
instability.  The link is a wireless that currently is quite unstable,
but traffic can still go through at 100 kbps.  Not really usable, but
I'm working on making the wireless more stable.
Situation:  2 networks linked via routed OpenVPN.  WAN IP addresses are
172.27.200.x and sites are at 10.20.30.x and 192.168.0.x  -- I know that
one is not the best, but it's out of my control to change.

Now when I ping from one network to the next, my ping times continuously
increase, while at the same time I'm pinging the 172.27.200.x  at the
other site, and its ping times are normal.

Pinging through VPN:
PING 192.168.0.250 (192.168.0.250) 56(84) bytes of data.
64 bytes from 192.168.0.250: icmp_seq=1 ttl=62 time=839 ms
64 bytes from 192.168.0.250: icmp_seq=2 ttl=62 time=1310 ms
64 bytes from 192.168.0.250: icmp_seq=3 ttl=62 time=1766 ms
64 bytes from 192.168.0.250: icmp_seq=4 ttl=62 time=2206 ms
64 bytes from 192.168.0.250: icmp_seq=5 ttl=62 time=2700 ms
64 bytes from 192.168.0.250: icmp_seq=6 ttl=62 time=3150 ms
64 bytes from 192.168.0.250: icmp_seq=7 ttl=62 time=3651 ms
64 bytes from 192.168.0.250: icmp_seq=8 ttl=62 time=4069 ms
64 bytes from 192.168.0.250: icmp_seq=9 ttl=62 time=4548 ms
It keeps on going up to 17000ms or even more.


Pinging VPN server at other site:
PING 172.27.200.2 (172.27.200.2): 56 data bytes
64 bytes from 172.27.200.2: icmp_seq=0 ttl=64 time=136.973 ms
64 bytes from 172.27.200.2: icmp_seq=1 ttl=64 time=5.015 ms
64 bytes from 172.27.200.2: icmp_seq=2 ttl=64 time=9.780 ms
64 bytes from 172.27.200.2: icmp_seq=3 ttl=64 time=7.119 ms
64 bytes from 172.27.200.2: icmp_seq=4 ttl=64 time=15.883 ms
64 bytes from 172.27.200.2: icmp_seq=5 ttl=64 time=5.063 ms
64 bytes from 172.27.200.2: icmp_seq=6 ttl=64 time=8.558 ms
64 bytes from 172.27.200.2: icmp_seq=7 ttl=64 time=11.865 ms
64 bytes from 172.27.200.2: icmp_seq=8 ttl=64 time=7.440 ms
These ping times as you can see are almost normal.  The wireless has
several retries during this time already.

When I scp a file directly to the VPN server, it goes through, but as
soon as I do it over the VPN, it dies within 200k of transfers.

Can someone shed some light on this?  Is SSL traffic so sensitive to
packet loss, or packet sequence that it would cause this?

Are you using TCP or UDP for the OpenVPN connection? If it's TCP, this would be expected: tunneling TCP over TCP is problematic when there is packet loss, and that is not related to the encryption protocol. Using UDP, it should function no differently than a connection between the same two endpoints outside the OpenVPN tunnel. You shouldn't use TCP in most cases for any VPN, unless it's desirable for reasons like TCP 80 or 443 usually making it through every firewall and proxy.
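
To put a number on the difference between the two ping runs in this thread, here is an added example (not from either poster) that fits RTT against icmp_seq and flags a steadily growing backlog. The function names, the "backlog"/"stable" labels, the thresholds and the 1-second probe interval (ping's default) are assumptions.

```python
import re

# Ping replies copied from the post above: through the tunnel, then direct to the WAN address.
TUNNEL = """\
64 bytes from 192.168.0.250: icmp_seq=1 ttl=62 time=839 ms
64 bytes from 192.168.0.250: icmp_seq=2 ttl=62 time=1310 ms
64 bytes from 192.168.0.250: icmp_seq=3 ttl=62 time=1766 ms
64 bytes from 192.168.0.250: icmp_seq=4 ttl=62 time=2206 ms
64 bytes from 192.168.0.250: icmp_seq=5 ttl=62 time=2700 ms
64 bytes from 192.168.0.250: icmp_seq=6 ttl=62 time=3150 ms
64 bytes from 192.168.0.250: icmp_seq=7 ttl=62 time=3651 ms
64 bytes from 192.168.0.250: icmp_seq=8 ttl=62 time=4069 ms
64 bytes from 192.168.0.250: icmp_seq=9 ttl=62 time=4548 ms"""
DIRECT = """\
64 bytes from 172.27.200.2: icmp_seq=0 ttl=64 time=136.973 ms
64 bytes from 172.27.200.2: icmp_seq=1 ttl=64 time=5.015 ms
64 bytes from 172.27.200.2: icmp_seq=2 ttl=64 time=9.780 ms
64 bytes from 172.27.200.2: icmp_seq=3 ttl=64 time=7.119 ms
64 bytes from 172.27.200.2: icmp_seq=4 ttl=64 time=15.883 ms
64 bytes from 172.27.200.2: icmp_seq=5 ttl=64 time=5.063 ms
64 bytes from 172.27.200.2: icmp_seq=6 ttl=64 time=8.558 ms
64 bytes from 172.27.200.2: icmp_seq=7 ttl=64 time=11.865 ms
64 bytes from 172.27.200.2: icmp_seq=8 ttl=64 time=7.440 ms"""
REPLY = re.compile(r"icmp_seq=(\d+)\s+ttl=\d+\s+time=([\d.]+)\s*ms")

def parse(text):
    # Returns [(icmp_seq, rtt_ms), ...]; lines that are not echo replies are ignored.
    return [(int(s), float(t)) for s, t in REPLY.findall(text)]

def rtt_slope(samples):
    """Least-squares slope of RTT against sequence number, in ms per probe."""
    n = len(samples)
    mx = sum(s for s, _ in samples) / n
    my = sum(r for _, r in samples) / n
    sxx = sum((s - mx) ** 2 for s, _ in samples)
    return sum((s - mx) * (r - my) for s, r in samples) / sxx

def rising_fraction(samples):
    # Share of consecutive probes whose RTT is higher than the previous one.
    rtts = [r for _, r in sorted(samples)]
    return sum(b > a for a, b in zip(rtts, rtts[1:])) / (len(rtts) - 1)

def classify(text, interval_ms=1000.0, min_ratio=0.25, min_rising=0.8):
    """'backlog' when RTT climbs by a large share of the probe interval on nearly every probe."""
    samples = parse(text)
    if len(samples) < 3:
        return ("insufficient", 0.0)
    slope = rtt_slope(samples)
    growing = slope >= min_ratio * interval_ms and rising_fraction(samples) >= min_rising
    return ("backlog" if growing else "stable", round(slope, 1))
```

On the tunnel run every reply arrives roughly 0.46 s further behind than the one before it, while the direct run over the same wireless link shows no trend, so the growing delay sits in the tunnel's transport rather than in the link itself.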

