I have a simple OpenVPN bridge environment set up:
<openvpn_client>---<tun0>--[OpenBSD]--<hme1>---<internal_lan>
|
<Internet>------------ <hme0>
* bridge0 contains tun0 and hme1
Connectivity and routing work as expected, but when I ping from the client
to the OpenBSD server, I get terribly high ping times as high as 3000ms
with huge variation. Yet the ping times from the client to a host on the
internal lan are <10ms. Basically any packets going between the VPN
client and the server itself have this problem. Packets passing through
the bridge from client to internal lan are not affected.
I am using OpenBSD 4.2 on sparc64, and I've tried OpenVPN 2.0.9 and
2.1rc4. But I also have the same issue on an older 3.8 box with OpenVPN
2.0.5, also sparc64.
Because of this problem, using the VPN server also as a default gateway to
the Internet is nearly impossible, as the response times are terrible.
Any idea what is going on? I've only seen one other report of this issue
but there was no solution discussed:
http://thread.gmane.org/gmane.network.openvpn.user/20541
Here are some sample pings:
C:\temp>ping -t 192.168.222.1 (pinging server from vpn client)
Pinging 192.168.222.1 with 32 bytes of data:
Reply from 192.168.222.1: bytes=32 time=140ms TTL=255
Reply from 192.168.222.1: bytes=32 time=821ms TTL=255
Reply from 192.168.222.1: bytes=32 time=271ms TTL=255
Reply from 192.168.222.1: bytes=32 time=648ms TTL=255
Reply from 192.168.222.1: bytes=32 time=447ms TTL=255
Reply from 192.168.222.1: bytes=32 time=18ms TTL=255
Reply from 192.168.222.1: bytes=32 time=45ms TTL=255
Reply from 192.168.222.1: bytes=32 time=414ms TTL=255
Reply from 192.168.222.1: bytes=32 time=649ms TTL=255
Reply from 192.168.222.1: bytes=32 time=1094ms TTL=255
Reply from 192.168.222.1: bytes=32 time=131ms TTL=255
Reply from 192.168.222.1: bytes=32 time=91ms TTL=255
Reply from 192.168.222.1: bytes=32 time=619ms TTL=255
Reply from 192.168.222.1: bytes=32 time=2154ms TTL=255
Reply from 192.168.222.1: bytes=32 time=3179ms TTL=255
Reply from 192.168.222.1: bytes=32 time=2310ms TTL=255
Reply from 192.168.222.1: bytes=32 time=1147ms TTL=255
Reply from 192.168.222.1: bytes=32 time=233ms TTL=255
Reply from 192.168.222.1: bytes=32 time=3030ms TTL=255
Reply from 192.168.222.1: bytes=32 time=4085ms TTL=255
Reply from 192.168.222.1: bytes=32 time=1500ms TTL=255
Reply from 192.168.222.1: bytes=32 time=845ms TTL=255
Reply from 192.168.222.1: bytes=32 time=64ms TTL=255
Reply from 192.168.222.1: bytes=32 time=611ms TTL=255
Ping statistics for 192.168.222.1:
Packets: Sent = 24, Received = 24, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 4085ms, Average = 1022ms
C:\temp>ping -t 192.168.222.10 (pinging internal host from vpn client)
Pinging 192.168.222.10 with 32 bytes of data:
Reply from 192.168.222.10: bytes=32 time=6ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=4ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=9ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=4ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=4ms TTL=254
Reply from 192.168.222.10: bytes=32 time=4ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=5ms TTL=254
Reply from 192.168.222.10: bytes=32 time=4ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Ping statistics for 192.168.222.10:
Packets: Sent = 19, Received = 19, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 9ms, Average = 3ms
Bryan
