I have tried adding these lines to the iptables script and restarted it:
-A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1460
-A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
However, the stuttering still occurs on the VPN server.
Someone on the OpenVPN users list suggested that I could change the Windows TCP
stack?
"I was doing some testing with iperf, and found that changing the TCP
Window size can have a significant impact (~ 5-10x). Have you tried this?"
I think I have already done this but cannot see why that should make a
massive difference. Not only that, but once you get into editing registry
entries, it's beyond the capabilities of most client users.
--------------------------------------------------
From: "Thomas Jacob" <jacob@xxxxxxxxxxxxx>
Sent: Tuesday, September 07, 2010 11:20 AM
To: "J Webster" <webster_jack@xxxxxxxxxxx>
Cc: <netfilter@xxxxxxxxxxxxxxx>
Subject: Re: OpenVPN throttling problem
> On Tue, 2010-09-07 at 11:12 -0400, J Webster wrote:
>> Would the clamping only be tcp specific?
>
> Correct, MSS (maximum segment size) is a TCP specific
> feature.
>
>> Could I add the same rule for the udp VPN service?
>> iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
>
> Nope, see above. But for UDP this is not often
> a problem, as most standard protocols that use
> UDP have smaller packet sizes,
> unless of course your video streaming is done via UDP ;)
--------------------------------------------------
From: "Thomas Jacob" <jacob@xxxxxxxxxxxxx>
Sent: Tuesday, September 07, 2010 11:05 AM
To: "J Webster" <webster_jack@xxxxxxxxxxx>
Cc: <netfilter@xxxxxxxxxxxxxxx>
Subject: Re: OpenVPN throttling problem
> On Tue, 2010-09-07 at 10:25 -0400, J Webster wrote:
>> If the path MTU were not 1500 then why would the proxy server work
>> without video stuttering issues but the VPN have stuttering?
>
> Because OpenVPN seems to prevent the normal path MTU algorithms
> from working in some instances, so the dynamic MSS/MTU
> calculations cannot happen. Anyway, a proxy server
> doesn't forward TCP packets in the way OpenVPN does,
> it opens a new TCP connection and just relays the Web data stream,
> so it's really quite a different thing.
>
>> I would have thought most broadband connections were not limited in
>> that way?
>
> PPPoE DSL is, for instance.
>
>> I did try some MTU setting before of 1400, 1460, 1300 and the
>> difference was minimal.
>
> It's not enough to just configure that in OpenVPN, all the other
> components (client NIC, gateway NICs, server NIC, intermediate router
> NICs) also have their own MTU (hence the path MTU discovering
> solution).
>
>> Not sure what else to try or how to troubleshoot. I suppose I could
>> follow the traffic but not sure if it would help resolve the
>> throttling issue?
>
> Have you tried MSS clamping yet?
>
> http://lartc.org/howto/lartc.cookbook.mtu-mss.html
>
>
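
What the MSS clamping discussed in this thread does to a TCP SYN, as an added Python example that is not part of the thread or of netfilter's code. It assumes IPv4 (40 bytes of IP + TCP header overhead), takes the path MTU as a parameter, leaves a SYN without an MSS option untouched, and all function names are illustrative.

```python
import struct

IP_TCP_HEADERS = 40  # IPv4 + TCP headers without options (assumed overhead)

def checksum(data):
    """Internet checksum (RFC 1071); 0 when run over data with a valid checksum."""
    data += b"\x00" * (len(data) % 2)
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def csum_replace16(check, old, new):
    """RFC 1624 incremental update: HC' = ~(~HC + ~m + m')."""
    s = (~check & 0xFFFF) + (~old & 0xFFFF) + new
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_mss(tcp, path_mtu):
    """Lower a SYN's MSS option to path_mtu - 40. Returns (segment, old, new)."""
    if len(tcp) < 20 or (tcp[13] & 0x06) != 0x02:  # match --tcp-flags SYN,RST SYN
        return tcp, None, None
    hdr_len = min((tcp[12] >> 4) * 4, len(tcp))
    limit, i = path_mtu - IP_TCP_HEADERS, 20
    while i + 1 < hdr_len and tcp[i] != 0:       # kind 0 ends the option list
        if tcp[i] == 1:                          # NOP is a single byte
            i += 1
            continue
        length = tcp[i + 1]
        if length < 2 or i + length > hdr_len:   # malformed option: leave packet alone
            break
        if tcp[i] == 2 and length == 4:          # kind 2 = maximum segment size
            old = struct.unpack_from("!H", tcp, i + 2)[0]
            if old <= limit:                     # this example only ever lowers the MSS
                return tcp, old, old
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, limit)
            # An MSS at an odd offset straddles two 16-bit words, so byte-swap it.
            o, n = [(v >> 8 | v << 8) & 0xFFFF if i % 2 else v for v in (old, limit)]
            check = struct.unpack_from("!H", tcp, 16)[0]
            struct.pack_into("!H", out, 16, csum_replace16(check, o, n))
            return bytes(out), old, limit
        i += length
    return tcp, None, None

if __name__ == "__main__":  # constructed SYN, MSS 1460, checksum field left at 0
    syn = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 0x60, 0x02, 64240, 0, 0) + b"\x02\x04\x05\xb4"
    print(clamp_mss(syn, 1400)[1:])
```

A UDP datagram has no such option to rewrite, which is why the rule only matches `-p tcp`.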