I'm using shorewall with openvpn and traffic shaping at all of our offices. I have noticed for a while that occasionally ping times are excessive. Usually this is during overnight off site backups but some times during the day. I have assumed the is was an ISP issue but now I'm suspecting it's problem with openvpn and traffic shaping.
In the test case have 2 sites with t1s. I'm setting speed much lower to allow for some phone traffic that comes off before I get it. During the tests there is no phone use. I set to do iperf between sites between sites both direct and therough the vpn. With no traffic ping time direct is about 8ms and 10ms via vpn. With saturating direct traffic . Direct ping is about 40-50 ms vpn ping is about 50ms With saturating vpn traffic Direct ping is about 15-30ms vpn ping is about 18-250ms Ping times are very erratic particular in the one bad case. Some times pings via vpn are over a second. The consistant thing is with saturating traffic via vpn the vpn ping times are bad. Other cases are OK. My wild guess is that openvpn does not like its packets being delayed. Attached is shorewall dump. In case it looks odd the openvpn links are point to point and routing is done via ospf. Any Ideas? Thanks John
shorewall.dump.gz
Description: GNU Zip compressed data
------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
