Re: OpenVPN throttling problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, 2010-09-07 at 11:12 -0400, J Webster wrote:
> Would the clamping only be tcp specific?

Correct, MSS (maximum segment size) is a TCP specific
feature.

> Could I add the same rule for the udp VPN service?
> iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j 
> CPMSS  --clamp-mss-to-pmtu

Nope, see above. But for UDP this is not often
a problem, as most standard protocols that use
UDP have smaller packet sizes,
unless of course your video streaming is done via UDP ;)

> --------------------------------------------------
> From: "Thomas Jacob" <jacob@xxxxxxxxxxxxx>
> Sent: Tuesday, September 07, 2010 11:05 AM
> To: "J Webster" <webster_jack@xxxxxxxxxxx>
> Cc: <netfilter@xxxxxxxxxxxxxxx>
> Subject: Re: OpenVPN throttling problem
> 
> > On Tue, 2010-09-07 at 10:25 -0400, J Webster wrote:
> >> If the path MTU were not 1500 then why would the proxy server work 
> >> without
> >> video stuttering issues but the VPN have stuttering?
> >
> > Because OpenVPN seems to prevent the normal path MTU algorithms
> > from working in some instances, so the dynamic MSS/MTU
> > calculations cannot happen. Anyway, a proxy server
> > doesn't forward TCP packets in the way OpenVPN does,
> > it opens a new TCP connection and just relays the Web data stream,
> > so it's really quite a different thing.
> >
> >> I would have thought most broadband connections were not limited in that
> >> way?
> >
> > PPPoE DSL is, for instance.
> >
> >> I did try some MTU setting before of 1400, 1460, 1300 and the difference 
> >> was
> >> minimal.
> >
> > It's not enough to just configure that in OpenVPN, all the other
> > components (client NIC, gateway NICs, server NIC, intermediate router
> > NICs) also have their own MTU (hence the path MTU discovering
> > solution).
> >
> >> Not sure what else to try or how to troubleshoot. I suppose I could 
> >> follow
> >> the traffic but not sure if it would help resolve the throttling issue?
> >
> > Have you tried MSS clamping yet?
> >
> > http://lartc.org/howto/lartc.cookbook.mtu-mss.html
> >
> > 


--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux