Page 1 of 1
[SOLVED] OpenVPN, lost paquets in transmition...
Posted: Thu May 19, 2011 11:13 am
by noiro
Hello,
I have a small problem with my setup Open VPN All works but when I make a transfer through the VPN, the connection is made, it starts, starts to move, then after a few seconds the network throughput drops to 0% and then loses the conection. (I'm forced to resume the transfer, but the problem comes back).
My MTU setting is well settled ... but I do not understand why I have this problem of packet loss ...
Re: OpenVPN, lost paquets in transmition...
Posted: Thu May 19, 2011 1:00 pm
by maikcat
hi there,
please post configs (server,client).
are you using tcp? if yes try udp also..
Michael.
Re: OpenVPN, lost paquets in transmition...
Posted: Thu May 19, 2011 1:28 pm
by noiro
hy
yes, I use UDP, and i'm on debian
Here my conf files :
server :
Code: Select all
port 1194
proto udp
dev tun
tls-server
mssfix 1400
link-mtu 1472
fragment 1300
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 20.130.0.0 255.255.0.0"
push "dhcp-option DNS 20.130.20.6"
push "dhcp-option DNS 20.130.20.2"
push "dhcp-option DOMAIN workplace.com"
client-to-client
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
log-append openvpn.log
verb 3
username-as-common-name
plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn
client-cert-not-required
and my client :
Code: Select all
client
dev tun
proto udp
remote 127.20.0.1 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
ns-cert-type server
comp-lzo
verb 3
auth-user-pass
fragment 1300
mssfix 1400
thanks for help
Re: OpenVPN, lost paquets in transmition...
Posted: Fri May 20, 2011 8:17 am
by maikcat
hi there,
please post server logs as well..
>the connection is made, it starts, starts to move, then after a few seconds the network throughput drops to >0% and then loses the conection. (I'm forced to resume the transfer, but the problem comes back).
what exactly are you doing?file copy? which service (ftp,smb)?
if you ping using large packets do you see packet loss as well?
Michael.
Re: OpenVPN, lost paquets in transmition...
Posted: Fri May 20, 2011 12:11 pm
by noiro
Hy,
it's a files copy, smb. good for 1/10 time of tranfert at 3MB/s and after the transfert stop working...
I will send you a copy of networks capture if this could help you :
download :
http://dl.free.fr/qE4F8Br7z
and log files is here :
http://dl.free.fr/vSX4e8XfU
Re: OpenVPN, lost paquets in transmition...
Posted: Thu May 26, 2011 10:24 am
by noiro
up...
Re: OpenVPN, lost paquets in transmition...
Posted: Thu May 26, 2011 12:13 pm
by maikcat
hi there,
<copied from another post - answer by user janjust>
<quote>
there are a couple of things to try:
1) determine the optimal MTU value; this can be done by pinging the server using
Code:
ping -M do -s <size> server
on linux or using
Code:
ping -f -l <size> server
on Windows; vary <size> to find the optimal value; I'd start out with 1472 , as that is the default for ethernet networks.
If the MTU needs to be lowered then lower it on both ends
2) specify an 'mssfix' value e.g
Code:
mssfix 1400
to the server config and restart the server.
</quote>
ps: can you try verb 5 and post part of the log when you loose connection..?
Michael
Re: OpenVPN, lost paquets in transmition...
Posted: Thu May 26, 2011 1:57 pm
by noiro
Ok, mtu is good ... msfix is not defined...
We make a test environement for determine why it do that. All configurations is on the same switch.
We make a First computer > WIN7 with
192.168.0.21 ip adress
We make a router in Debian with 2 network interface :
one in > Eth0
192.168.1.20
and the other > Eth1
192.168.0.20
We make a second debian with OpenVPN > Eth0
192.168.1.2
And the final computer is in WIN7 >
192.168.1.3
The translation between router and the VPN is in UDP / NAT
------
result :
The ping between 192.168.0.21 and 192.168.1.3 is good, when in make a TSE between these computer, it's good but very slow. When I made a big transfert by a windows sharing, the transfert begin at 30 Megabyte/s for 20 secondes and falls at 0 Kb/s
The links between two machines is already works...
------
I don't understand...
here our config files :
Code: Select all
dev tun
proto udp
remote 192.168.0.20 1194
resolv-retry infinite
nobind
persist-key
persist-tun
#tun-mtu 1500
#link-mtu 1472
#tls-client
#mssfix 1400
#fragment 1300
#no-replay
verb 5
ca ca.crt
key A206698.key
cert A206698.crt
ns-cert-type server
comp-lzo
Code: Select all
port 1194
proto udp
dev tun
ca ca.crt
cert mcdpmad01.crt
key mcdpmad01.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
;push "route 10.150.0.0 255.255.0.0"
;push "dhcp-option DNS 10.150.20.6"
;push "dhcp-option DNS 10.150.20.2"
;push "dhcp-option DOMAIN mcd.fr.atosorigin.com"
client-to-client
duplicate-cn
keepalive 10 120
;tls-auth ta.key 0
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
;max-clients 100
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
log-append openvpn.log
verb 5
;mute 20
here the configuration of router and debian vpn
Code: Select all
echo 1 > /proc/sys/net/ipv4/ip_forward
and this configuration for the router !
Code: Select all
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -o eth0 -i eth1 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p udp -m udp --dport 1194 -j DNAT --to 192.168.1.2:1194
iptables -A FORWARD -d 192.168.1.2/24 -i eth1 -p udp -m udp --dport 1194 -j ACCEPT
Thank for your answer, I hope this problem can be resolv.
Re: OpenVPN, lost paquets in transmition...
Posted: Tue Jun 14, 2011 2:05 pm
by noiro
Ok,
The problem seems resolv, in fact, there are a problem with my virtual network card.
The driver, was not completely compatible. We made tests with real network card and it's works fine.
tks for your help.
Re: OpenVPN, lost paquets in transmition...
Posted: Wed Jun 15, 2011 7:59 am
by maikcat
ok then
Closing topic
Michael