thank you for your investigation. congestion provider can be customized if you select "*Datacenter Custom"*
чт, 4 окт. 2018 г. в 13:58, Rostyslav Maryliak < rostyslav.maryl...@idealscorp.com>: > Dear Ilya, > > I've checked "Get-NetTCPConnection" command output on both win2012r2 and > win2016 servers. > > win2012r2 server works as OpenVPN server. Internal IP address - 10.0.4.1. > OpenVPN tunnel IP address - 172.16.144.1 > win2016 server works as OpenVPN client. Internal IP address - 10.0.44.1. > OpenVPN tunnel IP address - 172.16.144.18 > > > *From win2012r2 server:* > > PS C:\Users\Administrator> Get-NetTCPConnection -RemoteAddress 10.0.44.1 > LocalAddress LocalPort RemoteAddress > RemotePort State AppliedSetting > ------------ --------- > ------------- ---------- > ----- -------------- > 172.16.144.1 56437 10.0.44.1 > 53005 Established > *Datacenter* > > PS C:\Users\Administrator> Get-NetTCPConnection -RemoteAddress > 172.16.144.18 > LocalAddress LocalPort RemoteAddress > RemotePort State AppliedSetting > ------------ --------- > ------------- ---------- > ----- -------------- > 10.0.4.1 11616 > 172.16.144.18 56882 Established > *Datacenter* > 10.0.4.1 11616 > 172.16.144.18 56905 Established > *Datacenter* > > > *From win2016 server:* > > PS C:\Users\Administrator> Get-NetTCPConnection -RemoteAddress 10.0.4.1 > LocalAddress LocalPort RemoteAddress > RemotePort State AppliedSetting > OwningProcess > ------------ --------- > ------------- ---------- > ----- -------------- ------------- > 172.16.144.18 56905 10.0.4.1 > 11616 Established * > Internet * 13300 > 172.16.144.18 56882 10.0.4.1 > 11616 Established * > Internet * 13300 > > > PS C:\Users\Administrator> Get-NetTCPConnection -RemoteAddress 172.16.144.1 > LocalAddress LocalPort RemoteAddress > RemotePort State AppliedSetting > OwningProcess > ------------ --------- > ------------- ---------- > ----- -------------- ------------- > 10.0.44.1 53005 172.16.144.1 > 56437 Established > *Internet* 13300 > > > I've changed the "AppliedSetting" value to Datacenter on win2016 server as > well by running this commands and restarting the VPN: > New-NetTransportFilter -SettingName Datacenter -DestinationPrefix > 10.0.4.0/24 > New-NetTransportFilter -SettingName Datacenter -DestinationPrefix > 172.16.144.0/24 > > Now it shows Datacenter on both servers. But the network speed remains the > same. My changes do not affect the issue. > I've noticed that global TCP settings influence that, especially "Chimney > Offload", "Congestion Control Provider" and "ECN Capability": > > C:\Users\Administrator> netsh int tcp show global > Querying active state... > > TCP Global Parameters > ---------------------------------------------- > Receive-Side Scaling State : enabled > Chimney Offload State : disabled > NetDMA State : disabled > Direct Cache Access (DCA) : disabled > Receive Window Auto-Tuning Level : normal > Add-On Congestion Control Provider : default > ECN Capability : enabled > RFC 1323 Timestamps : disabled > Initial RTO : 3000 > Receive Segment Coalescing State : enabled > Non Sack Rtt Resiliency : disabled > Max SYN Retransmissions : 2 > TCP Fast Open : disabled > > > That is why I believe that the root cause of the issue lies in "Congestion > Control Provider" setting. But I am unable to change it > > On Thu, Oct 4, 2018 at 7:50 AM Илья Шипицин <chipits...@gmail.com> wrote: > >> Hello, >> >> can you do some things and tell us your observation ? >> >> starting with win2012 so called network profiles were introduced >> (Internet / Intranet / Datacenter) >> those profiles are very different for tcp connection (if you observe >> degradation in case of udp, most probably that is not related) >> >> >> so, let's start >> >> start powershell (I assume you are familiar) >> call >> >> Get-NetTCPConnection >> >> pay attention to "AppliedSetting" column. >> what's there ? >> >> we did observe strange things when win2012 classified some traffic as >> "Internet" and appropriate tcp settings were applied. >> >> is there some correlation in your case ? >> >> ср, 3 окт. 2018 г. в 20:45, Rostyslav Maryliak < >> rostyslav.maryl...@idealscorp.com>: >> >>> Dear OpenVPN developers, >>> >>> I've faced a very strange issue with slow outbound network speed from >>> Windows Server 2016 Standard server via the OpenVPN tunnel. >>> OpenVPN server is Windows Server 2012 R2, client is Windows Server 2016. >>> The inbound network speed for Windows Server 2016 is great. >>> But the outbound network speed is nearly 30-40 kbps. I've got the same >>> results using several tests: iperf testings, file download via SMB, >>> Web-based downloading (using HTTP) etc. >>> >>> The tunnels is getting up and it works greatly, but only in one >>> direction - from Windows Server 2012 R2 to Windows Server 2016. >>> I've been using such server-client configurations setup for several >>> years with Windows Server 2012 R2 servers and I've never faced such issue >>> before. >>> At first I thought that our ISP has some network limitations, but it >>> turned out that the same tests shows great network speed results using the >>> public IP addresses in both directions. >>> The issue only occurs inside the VPN tunnel. I've spent 3 days tryng to >>> figure it out, but failed. I've installed all latest Windows updates, >>> reinstalled OpenVPN, tried to switch from UDP to TCP, >>> played with performance settings in configs (link-mtu, sndbuf, rcvbuf >>> etc) but still no luck. I've tested the same setup between two Windows >>> Server 2012 R2 servers and it works greatly in both directions. >>> Then I've tested it with another Windows Server 2016 Standard server >>> (different server and different ISP) and it showed the same awful results >>> in outbound direction. >>> When I've set the same OpenVPN tunnel between two Windows Server 2016 >>> Standard servers I've got the same poor network speed in both directions. >>> >>> I believe that the issue is somehow related only to the Windows Server >>> 2016 version and I am more than confident that it depends on server's TCP >>> stack settings. >>> I've noticed that Windows Server 2016 has a congestion control provider >>> setting set to "default", while previous versions of Windows has this >>> setting set to "none". >>> >>> I've created a topic on OpenVPN Support Forum and it was suggested to >>> post my issue to you and reference the thread. >>> >>> You can reference to the >>> https://forums.openvpn.net/viewtopic.php?f=6&t=27173 for config files >>> and additional information. >>> >>> Have you faced a similar issue before? Can you provide any hint how can >>> I resolve the issue? What did I missed? >>> I would be very grateful for any help. Thank you in advance. >>> >>> >>> -- >>> >>> Best regards, >>> >>> *Rostyslav Maryliak* >>> >>> System Administrator >>> >>> >>> >>> *iDeals™ Solutions Group*| + 38(073)437-72-51 >>> <%2B%2038%28093%29575-35-16> | Skype: rostyslav.maryliak.ideals| >>> *rostyslav.maryl...@idealscorp.com >>> <dmitry.zaporozhche...@idealscorp.com>* | www.idealsvdr.com >>> <http://www.idealscorp.com/> >>> >>> CONFIDENTIALITY NOTE: The information transmitted, including >>> attachments, is intended only for the person(s) or entity to which it is >>> addressed and may contain confidential and/or privileged material. Any >>> review, retransmission, dissemination or other use of, or taking of any >>> action in reliance upon this information by persons or entities other than >>> the intended recipient is prohibited. If you received this in error, please >>> contact the sender and destroy any copies of this information. >>> _______________________________________________ >>> Openvpn-devel mailing list >>> Openvpn-devel@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/openvpn-devel >>> >> > > -- > > Best regards, > > *Rostyslav Maryliak* > > System Administrator > > > > *iDeals™ Solutions Group*| + 38(073)437-72-51 <%2B%2038%28093%29575-35-16> | > Skype: rostyslav.maryliak.ideals| *rostyslav.maryl...@idealscorp.com > <dmitry.zaporozhche...@idealscorp.com>* | www.idealsvdr.com > <http://www.idealscorp.com/> > > CONFIDENTIALITY NOTE: The information transmitted, including attachments, > is intended only for the person(s) or entity to which it is addressed and > may contain confidential and/or privileged material. Any review, > retransmission, dissemination or other use of, or taking of any action in > reliance upon this information by persons or entities other than the > intended recipient is prohibited. If you received this in error, please > contact the sender and destroy any copies of this information.
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
