[SOLVED] OpenVPN, lost paquets in transmition...

[noiro]

Hello,

I have a small problem with my setup Open VPN All works but when I make a transfer through the VPN, the connection is made, it starts, starts to move, then after a few seconds the network throughput drops to 0% and then loses the conection. (I'm forced to resume the transfer, but the problem comes back).

My MTU setting is well settled ... but I do not understand why I have this problem of packet loss ...

[maikcat]

hi there,

please post configs (server,client).

are you using tcp? if yes try udp also..

Michael.

[noiro]

hy

yes, I use UDP, and i'm on debian
Here my conf files :

server :

Code: Select all

port 1194
proto udp
dev tun
tls-server
mssfix 1400
link-mtu 1472
fragment 1300
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 20.130.0.0 255.255.0.0"
push "dhcp-option DNS 20.130.20.6"
push "dhcp-option DNS 20.130.20.2"
push "dhcp-option DOMAIN workplace.com"

client-to-client
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
log         openvpn.log
log-append  openvpn.log
verb 3
username-as-common-name
plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn
client-cert-not-required

and my client :

Code: Select all

client
dev tun
proto udp
remote 127.20.0.1 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
ns-cert-type server
comp-lzo
verb 3
auth-user-pass
fragment 1300
mssfix 1400

thanks for help

[maikcat]

hi there,

please post server logs as well..


>the connection is made, it starts, starts to move, then after a few seconds the network throughput drops to >0% and then loses the conection. (I'm forced to resume the transfer, but the problem comes back).

what exactly are you doing?file copy? which service (ftp,smb)?

if you ping using large packets do you see packet loss as well?

Michael.

[noiro]

Hy,

it's a files copy, smb. good for 1/10 time of tranfert at 3MB/s and after the transfert stop working...


I will send you a copy of networks capture if this could help you :
download : http://dl.free.fr/qE4F8Br7z

and log files is here :

http://dl.free.fr/vSX4e8XfU

[noiro]

up...

[maikcat]

hi there,

<copied from another post - answer by user janjust>

<quote>

there are a couple of things to try:

1) determine the optimal MTU value; this can be done by pinging the server using
Code:
ping -M do -s <size> server

on linux or using
Code:
ping -f -l <size> server

on Windows; vary <size> to find the optimal value; I'd start out with 1472 , as that is the default for ethernet networks.
If the MTU needs to be lowered then lower it on both ends

2) specify an 'mssfix' value e.g
Code:
mssfix 1400


to the server config and restart the server.
</quote>

ps: can you try verb 5 and post part of the log when you loose connection..?

Michael

[noiro]

Ok, mtu is good ... msfix is not defined...

We make a test environement for determine why it do that. All configurations is on the same switch.

We make a First computer > WIN7 with 192.168.0.21 ip adress

We make a router in Debian with 2 network interface :
one in > Eth0 192.168.1.20
and the other > Eth1 192.168.0.20

We make a second debian with OpenVPN > Eth0 192.168.1.2

And the final computer is in WIN7 > 192.168.1.3

The translation between router and the VPN is in UDP / NAT

------

result :

The ping between 192.168.0.21 and 192.168.1.3 is good, when in make a TSE between these computer, it's good but very slow. When I made a big transfert by a windows sharing, the transfert begin at 30 Megabyte/s for 20 secondes and falls at 0 Kb/s

The links between two machines is already works...

------

I don't understand...

here our config files :

Code: Select all

dev tun
proto udp
remote 192.168.0.20 1194
resolv-retry infinite
nobind
persist-key
persist-tun
#tun-mtu 1500
#link-mtu 1472
#tls-client
#mssfix 1400
#fragment 1300
#no-replay
verb 5
ca ca.crt
key A206698.key
cert A206698.crt
ns-cert-type server
comp-lzo

Code: Select all

port 1194
proto udp
dev tun 

ca ca.crt
cert mcdpmad01.crt
key mcdpmad01.key
dh dh1024.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

push "route 192.168.1.0 255.255.255.0"
;push "route 10.150.0.0 255.255.0.0"
;push "dhcp-option DNS 10.150.20.6"
;push "dhcp-option DNS 10.150.20.2"
;push "dhcp-option DOMAIN mcd.fr.atosorigin.com"

client-to-client
duplicate-cn
keepalive 10 120
;tls-auth ta.key 0
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES
comp-lzo
;max-clients 100
persist-key
persist-tun
status openvpn-status.log
log         openvpn.log
log-append  openvpn.log
verb 5
;mute 20

here the configuration of router and debian vpn

Code: Select all

echo 1 >  /proc/sys/net/ipv4/ip_forward

and this configuration for the router !

Code: Select all

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE 

iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -o eth0 -i eth1 -j ACCEPT

iptables -t nat -A PREROUTING -i eth1 -p udp -m udp --dport 1194 -j DNAT --to 192.168.1.2:1194
iptables -A FORWARD -d 192.168.1.2/24 -i eth1 -p udp -m udp --dport 1194 -j ACCEPT

Thank for your answer, I hope this problem can be resolv.

[noiro]

Ok,

The problem seems resolv, in fact, there are a problem with my virtual network card.
The driver, was not completely compatible. We made tests with real network card and it's works fine.

tks for your help.

[maikcat]

ok then

Closing topic

Michael