Setup on Win2008 R2

[cwhitmore]

I've installed OpenVPN on both my local and remote server, but both show the TAP driver as disconnected. Is that normal?

Also, I'm trying to run this command, but can't since both source and destination IPs are on different subnets. Can someone help with setup of config file or command line below?

Source Server:
Windows 2008 R2
Traffic: SMB
Name: Server2
IP: 192.168.100.14

Destination Server:
Windows 2008 R2
Traffic: SMB
Name: Server3
IP: 192.168.5.41

Here is command line for source server:
openvpn --cipher none --comp-lzo yes --remote server3 --ifconfig 192.168.100.14 192.168.5.41 --verb 4 --dev tun

Here is the command for the destination server:
openvpn --cipher none --comp-lzo yes --remote server2 --ifconfig 192.168.5.41 192.168.100.14 --verb 4 --dev tun

[maikcat]

hi there,

>I've installed OpenVPN on both my local and remote server, but both show the TAP driver as disconnected. Is that normal?

it will show as connected if openvpn service is up and running (with no config errors)

you have to keep in mind that openvpn creates a new adapter which needs an ip address
*besides* your lan ip (when you use routing -- den tun)

try using a seperate subnet ip for your vpn and check again.

cheers,

michael.

[cwhitmore]

Okay, I can get the connection to work, but I can't ping. I have internal gateway at source 192.168.100.1 and MPLS gateway 192.168.100.3 then at destination internal gateway is 192.168.5.1 and MPLS gateway is 192.168.5.3. Here is my setup:

Source Server: 192.168.100.14
Gateway: 192.168.100.3
Alternate IP on Source Server: 192.168.222.33
Gateway: 192.168.222.1
VPN IP: 192.168.199.1

Config file:
route 192.168.5.0 255.255.255.0
remote 192.168.5.41
ifconfig 192.168.199.1 192.168.199.2
comp-lzo yes
dev tun1

Destination Server: 192.168.5.41
Gateway: 192.168.5.3
Alternate IP on Destination Server: 192.168.5.40
Gateway: 192.168.5.1

Config file:
route 192.168.222.0 255.255.255.0
remote 192.168.100.14
ifconfig 192.168.199.2 192.168.199.1
comp-lzo yes
dev tun1

I'm getting errors on both sides saying that the incorrect IP is trying to send data. How can I allow data coming in on the source from 192.168.5.40 and 192.168.5.41? and on the destination 192.168.222.33 and 192.168.100.14?

[cwhitmore]

I got around the packets being rejected error by adding the "float" option, but it doesn't look like the compression is working. How can I force ftp traffic to flow from my source IP (192.168.100.14), to my destination IP (192.168.5.41) without getting the "packet rejected... expecting IP .... instead" errors?
Also, how can I verify the packets are getting compressed?

[maikcat]

hi there,

i noticed in the destination server that is has 2 ips (aliases?)
that are both in the same subnet (192.168.5.40,192.168.5.41) and there
are 2 gateways (192.168.5.1,192.168.5.3)
are the above ok?

why both servers have 2 ips AND 2 gateways?

for the compression stuff,
if you transfer via ftp zip file ,i dont think you will see big difference...
what filetypes you transfer?

cheers,

michael.

[cwhitmore]

Michael,
These two boxes are SANs so they have IP addresses pointing to each other as well as to Hosts. My goal was to speed up the async mirror between them. I have no need for encryption. The reason for having two IPs in the same subnet was to have one pointing to my internal router (192.168.5.1) and one pointing to the MPLS router (192.168.5.3) for faster response. I don't see the packet reject errors now that I added "float" to both configs, but ideally I would only want compressed traffic between 192.168.100.14 and 192.168.5.41.

Here are my config files:
(Source 192.168.100.14)
route 192.168.5.0 255.255.255.0 192.168.100.3
remote 192.168.5.41
ifconfig 192.168.199.1 192.168.199.2
cipher none
comp-lzo
comp-noadapt
dev tun1
float

(Destination 192.168.5.41)
cipher none
route 192.168.100.0 255.255.255.0 192.168.5.3
remote 192.168.100.14
ifconfig 192.168.199.2 192.168.199.1
comp-lzo
comp-noadapt
float
dev tun1

thanks,
Carlton.

[maikcat]

>These two boxes are SANs so they have IP addresses pointing to each other as well as to Hosts. My goal >was to speed up the async mirror between them. I have no need for encryption. The reason for having two >IPs in the same subnet was to have one pointing to my internal router (192.168.5.1) and one pointing to >the MPLS router (192.168.5.3) for faster response. I don't see the packet reject errors now that I added >"float" to both >configs, but ideally I would only want compressed traffic between 192.168.100.14 and 192.168.5.41.

to be honest i dont quite understand the above,but ok...

i would like to say the following..

generaly i believe the use of ip aliases in the SAME ip subnet is not a good idea

if you use openvpn (regardless of encryption) you add overhead because you encapsulate traffic
for sending it over the vpn tunnel ,this increases load.
which protocol you use for sync?...some protocols do compression (rsync)

if i wanted to increase the sync speed i would first try to look if the protocol i used for sync
does some type of compression...

i am happy to hear your thoughts..

ps:are you using 2008 storage server?

cheers,

michael.

[cwhitmore]

Michael,
The two SANs are running Windows 2008 R2 and the SAN software is Datacore SanMelody which works very well for our Hyper-V environment. There are two options for the WAN mirror, FTP and SMB. After doing some testing the SMB over OpenVPN is atleast 25% faster. I've been monitoring the traffic and over a 4.5Mb connection we're getting as much as 680KB/sec throughput with OpenVPN compression. Without OpenVPN we're getting around 400KB/sec.

Thanks for your help on this. What a great open source tool!