Re: [pfSense] MTU on TUN adapter in lossy conditions
Extremely helpful. I'll post our test results. On 6/15/2016 2:10 PM, Heath Barnhart wrote: Most VPN's I've worked with dropped the MTU to 1300 for that very reason. I'd give it a try and see what happens. One thing I would check to see is if OpenVPN also effects the MTU of the physical interface being used, and if it permanently changes it. I ran into an issue where an application would randomly quit working. After doing some digging I found that Cisco AnyConnect had reconfigured the MTU on my wired NIC to 1300, even when the tunnel was disabled. On Wed, Jun 15, 2016 at 1:46 PM, Karl Fife wrote: Has anyone had success adjusting MTU on OpenVPN tunnel adapters to deal with loss amplification across tunnel networks? By default the MTU on an openVPN adapter(s) are set to 1500, but it seems that performance in lossy conditions might be dramatically improved by changing the MTU to something smaller to prevent packet fragmentation across the tunnel network (e.g. to account for the encrypted packet's IP overhead, such that one packet could be encapsulated by one packet of the tunnel network). It seems that if the MTU's are the same, one would invariably end up with frequent fragmentation, greatly increasing the packet loss amplification on lossy (e.g. wireless) networks, and exaggerated falloff of application performance as packet loss increases. This is also consistent with what I observe. I understand that this artificial constraint would result in lower performance in high quality connections, but am I on the right track to dealing with performance on lossy networks? If this is conceptually correct, so would I also need to explicitly tell OpenVPN not to fragment in general? Any big-picture guidance would be much appreciated. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] You're invited to Descubre Arduino con Make it! (21 Jun 2016)
¿Quieres iniciarte en el mundo de Arduino de manera sencilla? Make it! es un kit basado en Arduino que incluye la placa de Scratch para Arduino (S4A). Este kit es perfecto para los niños y gente no iniciada ya que esta diseñada con fines educativos, uniendo la flexibilidad y potencia de Arduino con la facilidad de uso de Scratch y Scratch para Arduino, ademas, con el diseño de la placa de aprendizaje S4A no se requieren protoboards o cables para empezar a trabajar con Arduino! La charla sera con Jordi Binefa, uno de los mayores expertos locales en microcontroladores, y diseñador de la placa S4A.Share this event on Facebook and Twitter We hope you can make it.Best,Ferran Fàbregas - Organizador -- Event Summary: -- Event: Descubre Arduino con Make it! Date: Tuesday, 21 June 2016 from 18:30 to 19:30 (CEST) Location: Librería Hispano Americana
594 Gran Via de Les Corts Catalanes
08007 Barcelona
Spain
-- Event Details: -- ¿Quieres iniciarte en el mundo de Arduino de manera sencilla? Make it! es un kit basado en Arduino que incluye la placa de Scratch para Arduino (S4A). Este kit es perfecto para los niños y gente no iniciada ya que esta diseñada con fines educativos, uniendo la flexibilidad y potencia de Arduino con la facilidad de uso de Scratch y Scratch para Arduino, ademas, con el diseño de la placa de aprendizaje S4A no se requieren protoboards o cables para empezar a trabajar con Arduino! La charla sera con Jordi Binefa, uno de los mayores expertos locales en microcontroladores, y diseñador de la placa S4A. -- Hosted By: -- Ferran Fàbregas - Organizador -- Register Online: -- More information and online registration are available here: https://www.eventbrite.co.uk/e/descubre-arduino-con-make-it-tickets-26028312383?ref=enivtefor001&invite=MTAzMzUwMDQvbGlzdEBsaXN0cy5wZnNlbnNlLm9yZy8w -- Collect event fees online with Eventbrite http://www.eventbrite.com ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] MTU on TUN adapter in lossy conditions
Most VPN's I've worked with dropped the MTU to 1300 for that very reason. I'd give it a try and see what happens. One thing I would check to see is if OpenVPN also effects the MTU of the physical interface being used, and if it permanently changes it. I ran into an issue where an application would randomly quit working. After doing some digging I found that Cisco AnyConnect had reconfigured the MTU on my wired NIC to 1300, even when the tunnel was disabled. On Wed, Jun 15, 2016 at 1:46 PM, Karl Fife wrote: > Has anyone had success adjusting MTU on OpenVPN tunnel adapters to deal > with loss amplification across tunnel networks? > > By default the MTU on an openVPN adapter(s) are set to 1500, but it seems > that performance in lossy conditions might be dramatically improved by > changing the MTU to something smaller to prevent packet fragmentation > across the tunnel network (e.g. to account for the encrypted packet's IP > overhead, such that one packet could be encapsulated by one packet of the > tunnel network). It seems that if the MTU's are the same, one would > invariably end up with frequent fragmentation, greatly increasing the > packet loss amplification on lossy (e.g. wireless) networks, and > exaggerated falloff of application performance as packet loss increases. > This is also consistent with what I observe. > > I understand that this artificial constraint would result in lower > performance in high quality connections, but am I on the right track to > dealing with performance on lossy networks? If this is conceptually > correct, so would I also need to explicitly tell OpenVPN not to fragment in > general? Any big-picture guidance would be much appreciated. > > > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > -- Heath Barnhart Network Administrator Kansas Research and Education Network 2029 Becker Drive, Suite 282 Lawrence, KS 66047 (785)856-9820 ext 9815 hbarnh...@kanren.net ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] MTU on TUN adapter in lossy conditions
Has anyone had success adjusting MTU on OpenVPN tunnel adapters to deal with loss amplification across tunnel networks? By default the MTU on an openVPN adapter(s) are set to 1500, but it seems that performance in lossy conditions might be dramatically improved by changing the MTU to something smaller to prevent packet fragmentation across the tunnel network (e.g. to account for the encrypted packet's IP overhead, such that one packet could be encapsulated by one packet of the tunnel network). It seems that if the MTU's are the same, one would invariably end up with frequent fragmentation, greatly increasing the packet loss amplification on lossy (e.g. wireless) networks, and exaggerated falloff of application performance as packet loss increases. This is also consistent with what I observe. I understand that this artificial constraint would result in lower performance in high quality connections, but am I on the right track to dealing with performance on lossy networks? If this is conceptually correct, so would I also need to explicitly tell OpenVPN not to fragment in general? Any big-picture guidance would be much appreciated. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] CARP
Hi there, i have a lot CARP switches a Day. Mostly 1-2 Times a day. Is there anyway to debug that Problem? because is causes my Network. The CARP interface mostly didnt come up correctly that some parts of my networks are not reachable. Maybe is there a way to configure CARP that is is not so sensible? Cheers Daniel ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold