On 23/09/2022 12:07, Jan Just Keijser wrote:
Hi Sebastian,
On 23/09/22 12:01, Sebastian Arcus wrote:
[...]
Hi and thank you again to both of you for the suggestions.
1. Running iperf3 as per instructions above to another machine on the
network, both in client and server mode, produces (nearly) gigabit
speeds - so the traffic is going directly through the lan and
bypassing the tunnel
2. However, trying to upload or download a large file to a Samba share
on the vpn server results in speeds of 300-700kbs - which equate to
our ADSL uplink
3. Also, watching the vpn traffic with iptraf on the server tun0
interface confirms that the smb traffic is all being redirected
through the tunnel
4. Shutting down openvpn on the server restores internal smb traffic
through the lan
[...]
Back to the bigger picture, I am puzzled as to how OpenVPN on the
Windows 10 client somehow interferes with routing of smb traffic, but
not other types of traffic such as the iperf speed tests. I've had
this issue start to crop up on several sites in the last few months,
so I am keen to get to the bottom of it and try to understand what is
going on if possible.
You have to keep in mind that traffic to and from the VPN server itself
is treated differently than traffic to all other hosts in the
server-side LAN. Traffic to the VPN server itself should never flow
through the tunnel, as otherwise the encrypted OpenVPN traffic itself
would also be routed through the tunnel, resulting in the infamous
"biting your own tail" problem.
Normally, the OpenVPN client will add a /32 route directly to the
OpenVPN server that bypasses the tunnel.
Having said that, I took another look at the routing table on the Win10
client and noticed something odd. The only /32 routes I could find are
192.168.112.236 255.255.255.255 On-link 192.168.112.236 281
192.168.112.255 255.255.255.255 On-link 192.168.112.236 281
The .236 address is the client, so I presume that the .255 address is
the VPN server IP? If so, then you've got a very peculiar network
issue, as you say your network range is 192.168.112.0/24. The
*broadcast* address for this network by definition is 192.168.112.255,
which would mean that your VPN server is occupying the same address as
the broadcast address - if true, then I am not surprised that this is
causing issues. Actually, I am surprised that things are working at all!
Please post the LAN IP address of the VPN server.
The lan IP of the openvpn server is 192.168.112.1. Wouldn't the .255 be
just a route for the broadcast address?
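The /32 entries discussed in this thread can be checked mechanically. The following is an added example, not code from the thread: it parses rows in the `route print -4` column layout, labels each /32 route, and selects the route for a destination by longest prefix, then lowest metric. Only the two /32 rows come from the thread; the default route, the /24 row and the 203.0.113.10 endpoint are constructed.

```python
import ipaddress
from typing import NamedTuple

# Columns: destination, netmask, gateway, interface, metric.
# Rows 3 and 4 are quoted in the thread; all other rows are constructed.
SAMPLE = """\
0.0.0.0          0.0.0.0          192.168.112.1  192.168.112.236  25
192.168.112.0    255.255.255.0    On-link        192.168.112.236  281
192.168.112.236  255.255.255.255  On-link        192.168.112.236  281
192.168.112.255  255.255.255.255  On-link        192.168.112.236  281
203.0.113.10     255.255.255.255  192.168.112.1  192.168.112.236  25
"""

class Route(NamedTuple):
    net: ipaddress.IPv4Network
    gateway: str
    iface: ipaddress.IPv4Address
    metric: int

def parse_routes(text):
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5:
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
            routes.append(Route(net, f[2], ipaddress.ip_address(f[3]), int(f[4])))
        except ValueError:
            continue  # header or other non-route line
    return routes

def select_route(routes, dest):
    """Route a packet to dest would use: longest prefix, then lowest metric."""
    dest = ipaddress.ip_address(dest)
    hits = [r for r in routes if dest in r.net]
    return min(hits, key=lambda r: (-r.net.prefixlen, r.metric), default=None)

def classify_host_routes(routes):
    """Label every /32 as the interface's own address, a broadcast, or a host route."""
    out = {}
    for r in (r for r in routes if r.net.prefixlen == 32):
        addr = r.net.network_address
        subnets = [s.net for s in routes
                   if s.iface == r.iface and 0 < s.net.prefixlen < 32 and addr in s.net]
        if addr == r.iface:
            out[str(addr)] = "interface address"
        elif any(addr == n.broadcast_address for n in subnets):
            out[str(addr)] = "subnet broadcast"
        else:
            out[str(addr)] = "host route"
    return out
```
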