Dear Ilya,
I've checked "Get-NetTCPConnection" command output on both win2012r2 and
win2016 servers.
win2012r2 server works as OpenVPN server. Internal IP address - 10.0.4.1.
OpenVPN tunnel IP address - 172.16.144.1
win2016 server works as OpenVPN client. Internal IP address - 10.0.44.1.
OpenVPN tunnel IP address - 172.16.144.18
*From win2012r2 server:*
PS C:\Users\Administrator> Get-NetTCPConnection -RemoteAddress 10.0.44.1
LocalAddress LocalPort RemoteAddress
RemotePort State AppliedSetting
------------ ---------
------------- ----------
----- --------------
172.16.144.1 56437 10.0.44.1
53005 Established *Datacenter*
PS C:\Users\Administrator> Get-NetTCPConnection -RemoteAddress 172.16.144.18
LocalAddress LocalPort RemoteAddress
RemotePort State AppliedSetting
------------ ---------
------------- ----------
----- --------------
10.0.4.1 11616 172.16.144.18
56882 Established *Datacenter*
10.0.4.1 11616 172.16.144.18
56905 Established *Datacenter*
*From win2016 server:*
PS C:\Users\Administrator> Get-NetTCPConnection -RemoteAddress 10.0.4.1
LocalAddress LocalPort RemoteAddress
RemotePort State AppliedSetting
OwningProcess
------------ ---------
------------- ----------
----- -------------- -------------
172.16.144.18 56905 10.0.4.1
11616 Established * Internet *
13300
172.16.144.18 56882 10.0.4.1
11616 Established * Internet *
13300
PS C:\Users\Administrator> Get-NetTCPConnection -RemoteAddress 172.16.144.1
LocalAddress LocalPort RemoteAddress
RemotePort State AppliedSetting
OwningProcess
------------ ---------
------------- ----------
----- -------------- -------------
10.0.44.1 53005 172.16.144.1
56437 Established *Internet*
13300
I've changed the "AppliedSetting" value to Datacenter on win2016 server as
well by running this commands and restarting the VPN:
New-NetTransportFilter -SettingName Datacenter -DestinationPrefix
10.0.4.0/24
New-NetTransportFilter -SettingName Datacenter -DestinationPrefix
172.16.144.0/24
Now it shows Datacenter on both servers. But the network speed remains the
same. My changes do not affect the issue.
I've noticed that global TCP settings influence that, especially "Chimney
Offload", "Congestion Control Provider" and "ECN Capability":
C:\Users\Administrator> netsh int tcp show global
Querying active state...
TCP Global Parameters
----------------------------------------------
Receive-Side Scaling State : enabled
Chimney Offload State : disabled
NetDMA State : disabled
Direct Cache Access (DCA) : disabled
Receive Window Auto-Tuning Level : normal
Add-On Congestion Control Provider : default
ECN Capability : enabled
RFC 1323 Timestamps : disabled
Initial RTO : 3000
Receive Segment Coalescing State : enabled
Non Sack Rtt Resiliency : disabled
Max SYN Retransmissions : 2
TCP Fast Open : disabled
That is why I believe that the root cause of the issue lies in "Congestion
Control Provider" setting. But I am unable to change it
On Thu, Oct 4, 2018 at 7:50 AM Илья Шипицин <chipits...@gmail.com> wrote:
> Hello,
>
> can you do some things and tell us your observation ?
>
> starting with win2012 so called network profiles were introduced (Internet
> / Intranet / Datacenter)
> those profiles are very different for tcp connection (if you observe
> degradation in case of udp, most probably that is not related)
>
>
> so, let's start
>
> start powershell (I assume you are familiar)
> call
>
> Get-NetTCPConnection
>
> pay attention to "AppliedSetting" column.
> what's there ?
>
> we did observe strange things when win2012 classified some traffic as
> "Internet" and appropriate tcp settings were applied.
>
> is there some correlation in your case ?
>
> ср, 3 окт. 2018 г. в 20:45, Rostyslav Maryliak <
> rostyslav.maryl...@idealscorp.com>:
>
>> Dear OpenVPN developers,
>>
>> I've faced a very strange issue with slow outbound network speed from
>> Windows Server 2016 Standard server via the OpenVPN tunnel.
>> OpenVPN server is Windows Server 2012 R2, client is Windows Server 2016.
>> The inbound network speed for Windows Server 2016 is great.
>> But the outbound network speed is nearly 30-40 kbps. I've got the same
>> results using several tests: iperf testings, file download via SMB,
>> Web-based downloading (using HTTP) etc.
>>
>> The tunnels is getting up and it works greatly, but only in one direction
>> - from Windows Server 2012 R2 to Windows Server 2016.
>> I've been using such server-client configurations setup for several years
>> with Windows Server 2012 R2 servers and I've never faced such issue before.
>> At first I thought that our ISP has some network limitations, but it
>> turned out that the same tests shows great network speed results using the
>> public IP addresses in both directions.
>> The issue only occurs inside the VPN tunnel. I've spent 3 days tryng to
>> figure it out, but failed. I've installed all latest Windows updates,
>> reinstalled OpenVPN, tried to switch from UDP to TCP,
>> played with performance settings in configs (link-mtu, sndbuf, rcvbuf
>> etc) but still no luck. I've tested the same setup between two Windows
>> Server 2012 R2 servers and it works greatly in both directions.
>> Then I've tested it with another Windows Server 2016 Standard server
>> (different server and different ISP) and it showed the same awful results
>> in outbound direction.
>> When I've set the same OpenVPN tunnel between two Windows Server 2016
>> Standard servers I've got the same poor network speed in both directions.
>>
>> I believe that the issue is somehow related only to the Windows Server
>> 2016 version and I am more than confident that it depends on server's TCP
>> stack settings.
>> I've noticed that Windows Server 2016 has a congestion control provider
>> setting set to "default", while previous versions of Windows has this
>> setting set to "none".
>>
>> I've created a topic on OpenVPN Support Forum and it was suggested to
>> post my issue to you and reference the thread.
>>
>> You can reference to the
>> https://forums.openvpn.net/viewtopic.php?f=6&t=27173 for config files
>> and additional information.
>>
>> Have you faced a similar issue before? Can you provide any hint how can I
>> resolve the issue? What did I missed?
>> I would be very grateful for any help. Thank you in advance.
>>
>>
>> --
>>
>> Best regards,
>>
>> *Rostyslav Maryliak*
>>
>> System Administrator
>>
>>
>>
>> *iDeals™ Solutions Group*| + 38(073)437-72-51
>> <%2B%2038%28093%29575-35-16> | Skype: rostyslav.maryliak.ideals|
>> *rostyslav.maryl...@idealscorp.com
>> <dmitry.zaporozhche...@idealscorp.com>* | www.idealsvdr.com
>> <http://www.idealscorp.com/>
>>
>> CONFIDENTIALITY NOTE: The information transmitted, including attachments,
>> is intended only for the person(s) or entity to which it is addressed and
>> may contain confidential and/or privileged material. Any review,
>> retransmission, dissemination or other use of, or taking of any action in
>> reliance upon this information by persons or entities other than the
>> intended recipient is prohibited. If you received this in error, please
>> contact the sender and destroy any copies of this information.
>> _______________________________________________
>> Openvpn-devel mailing list
>> Openvpn-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>>
>
--
Best regards,
*Rostyslav Maryliak*
System Administrator
*iDeals™ Solutions Group*| + 38(073)437-72-51 <%2B%2038%28093%29575-35-16> |
Skype: rostyslav.maryliak.ideals| *rostyslav.maryl...@idealscorp.com
<dmitry.zaporozhche...@idealscorp.com>* | www.idealsvdr.com
<http://www.idealscorp.com/>
--
CONFIDENTIALITY NOTE:
The information transmitted, including attachments,
is intended only for the person(s) or entity to which it is addressed and
may contain confidential and/or privileged material. Any review,
retransmission, dissemination or other use of, or taking of any action in
reliance upon this information by persons or entities other than the
intended recipient is prohibited. If you received this in error, please
contact the sender and destroy any copies of this information.
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
