dual gateway with routing issues and tinc-up and host-up scripts for windows clients?
Hello everybody, I am doing some test with TINC and Windows 7 and I am having some issues with routing. (see attachment for the client configuration) The set-up I configured uses DHCP over the TINC tunnel and the Windows guests ends up with two gateways (one from its own network and one from the TINC network). The problem is that traffic when browsing the internet should go over the TINC tunnel as well and now it is currently split. I thought I would change the TINC gateways metric to be lower then the gateway from the standard Windows client, but this does not provide a stable solution as the clients internet stops working completely from time to time. How can I execute a dynamic script under Windows when the TINC tunnel comes up? To say execute the following command: route ADD 0.0.0.0 MASK 255.255.252.0 192.168.200.1 METRIC 5 IF 24 Any advice would be much appreciated. Kind regards, Jelle de Jong irc: tuxcrafter #--- # open command promt with admin rights cd c:\Users\IEUser\Downloads # install Windows Resource Kit Tool msiexec /i subinacl.msi # install TINC-VPN tinc-1.0.26-install.exe #--- cd "c:\Program Files\tinc" mkdir powercraft01 echo ConnectTo = server01 > powercraft01\tinc.conf echo Interface = PowerCraftVPN >> powercraft01\tinc.conf echo Mode = switch >> powercraft01\tinc.conf echo Name = client02 >> powercraft01\tinc.conf mkdir powercraft01\hosts echo Address = tinc.powercraft.nl > powercraft01\hosts\server01 #--- echo -BEGIN RSA PUBLIC KEY- >> powercraft01/hosts/server01 ... echo -END RSA PUBLIC KEY- >> powercraft01/hosts/server01 #--- echo Compression = 9 > powercraft01/hosts/client02 echo PMTU = 1400 >> powercraft01/hosts/client02 echo PMTUDiscovery = yes >> powercraft01/hosts/client02 #--- echo -BEGIN RSA PUBLIC KEY- >> powercraft01/hosts/client02 ... echo -END RSA PUBLIC KEY- >> powercraft01/hosts/client02 #--- echo -BEGIN RSA PRIVATE KEY- >> powercraft01/rsa_key.priv ... echo -END RSA PRIVATE KEY- >> powercraft01/rsa_key.priv # todo: set permissions for rsa_key.priv file windows, this may not be needed #--- # install tap device C:\Program Files\tinc>tap-win32\addtap.bat # change name of created interface to PowerCraftVPN wmic nic where "Caption like '%TAP-Win32 Adapter V9'" set NetConnectionID=PowerCraftVPN # set interface metric to 5 netsh interface ipv4 set interface "PowerCraftVPN" metric=5 store=persistent # windows .bat example that needs some work to rename interface using a script http://wiki.cementhorizon.com/display/CH/How+to+install+and+configure+tinc+on+Windows+7+and+Ubuntu+10.10+Linux+and+CentOS+5 #--- # create the services C:\Program Files\tinc>tincd.exe -n powercraft01 tinc.powercraft01 service installed tinc.powercraft01 service started #--- # set permissions to star/stop/pause/resume the tinc service for user: IEUser C:\Windows\system32>"C:\Program Files\Windows Resource Kits\Tools\subinacl.exe" /service tinc.powercraft01 /grant=IEUser=PTO # set tinc service to start manually c:\Program Files\tinc>sc config tinc.powercraft01 start= demand [SC] ChangeServiceConfig SUCCESS #--- # Using the PowerCraftVPN C:\Users\IEUser>net stop tinc.powercraft01 The tinc.powercraft01 service is stopping. The tinc.powercraft01 service was stopped successfully. C:\Users\IEUser>net start tinc.powercraft01 The tinc.powercraft01 service is starting. The tinc.powercraft01 service was started successfully. #--- # check route c:\Program Files\tinc>route print # check ipconfig c:\Program Files\tinc>ipconfig #--- ___ tinc mailing list tinc@tinc-vpn.org http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
wireguard what do you guys tinc?
Hello everybody, I saw Guus already had contact with Jason over email. What do you guys tinc of wireguards, are there advantages? Jason seems to have a good grip of what he is talking about. https://fosdem.org/2017/schedule/event/wireguard/attachments/slides/1675/export/events/attachments/wireguard/slides/1675/wireguard_slides.pdf https://fosdem.org/2017/schedule/event/wireguard/ Kind regards, Jelle de Jong ___ tinc mailing list tinc@tinc-vpn.org https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
request for advice to increase throughput and lower latency
Hello everybody, I am using fairly standard setup with tinc version 1.0.31 on Debian 9.1 and Windows Pro 7 clients, however the users complain that tinc is very slow. (they connect to smb shares and transfer files). This is my configuration the client host files only have the keys. http://paste.debian.net/plainh/7a904554 Any advice and options to speed the connections up. What Cypher will be better, I got CPU power and memory on the tincd server side. Thank you all in advance, Kind regards, Jelle de Jong ___ tinc mailing list tinc@tinc-vpn.org https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
debugging, dns resolving not stable with tinc to linux bridge and increasing clients
Hello everybody, I am starting to debug a issue I have with a tinc server. Tinc server is connected to a Linux bridge br0 to a local network and every Tinc client connects with DHCP over this bridge to the local network. DNS and everything else are going over the tinc vpn connection. The past few months the clients (all windows) are reporting that DNS resolving stops working and they have to restart the TINC client and the TINC server to make it work again. The number of clients and traffic has increased the past few months and I am wondering what bottle neck may be causing this behaviour, the clients are connected and they have access to the Windows domain and file server, but DNS resolving stops working. # brctl showmacs br0 | wc -l 116 Their are no overflow messages from the kernel. The only errors I can find are "Metadata socket read errors" net.ipv4.neigh.default.gc_thresh1 = 128 net.ipv4.neigh.default.gc_thresh2 = 512 net.ipv4.neigh.default.gc_thresh3 = 1024 net.ipv4.neigh.default.gc_interval = 30 net.ipv4.neigh.default.gc_stale_time = 60 This is a ipv4 only TINC server. Any ideas? Kind regards and best wishes, Jelle de Jong (GNU/Linux Consultant) PowerCraft Technology I: www.powercraft.nl T: +3185 060 9913 M: +316 1218 2441 ___ tinc mailing list tinc@tinc-vpn.org https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
how to pick cipher for AES-NI enabled AMD GX-412TC SOC tincd at 100% CPU
Hello everybody, First a big thanks for tinc-vpn I am still using it next to wireguard and openvpn. I am having a setup where the tinc debian appliance is at 100% cpu load doing about 7.5MB/s. Compression = 9 PMTU = 1400 PMTUDiscovery = yes Cipher = aes-128-cbc How can I pick a cipher that is the fasted for my CPU and don't create a CPU bottleneck at 100%. Kind regards, Jelle de Jong root@officelink01:~# lscpu Architecture:x86_64 CPU op-mode(s): 32-bit, 64-bit Byte Order: Little Endian Address sizes: 40 bits physical, 48 bits virtual CPU(s): 4 On-line CPU(s) list: 0-3 Thread(s) per core: 1 Core(s) per socket: 4 Socket(s): 1 NUMA node(s):1 Vendor ID: AuthenticAMD CPU family: 22 Model: 48 Model name: AMD GX-412TC SOC Stepping:1 CPU MHz: 775.729 CPU max MHz: 1000. CPU min MHz: 600. BogoMIPS:1996.08 Virtualization: AMD-V L1d cache: 32K L1i cache: 32K L2 cache:2048K NUMA node0 CPU(s): 0-3 Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good acc_power nopl nonstop_tsc cpuid extd_apicid aperfmperf pni pclmulqdq monitor ssse3 cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt topoext perfctr_nb bpext ptsc perfctr_llc cpb hw_pstate ssbd vmmcall bmi1 xsaveopt arat npt lbrv svm_lock nrip_save tsc_scale flushbyasid decodeassists pausefilter pfthreshold overflow_recov root@officelink01:~# openssl help Standard commands asn1parse caciphers cms crl crl2pkcs7 dgst dhparam dsa dsaparam ececparam enc engineerrstrgendsa genpkey genrsahelp list nseq ocsp passwdpkcs12 pkcs7 pkcs8 pkey pkeyparam pkeyutl prime rand rehash req rsa rsautls_client s_server s_timesess_id smime speed spkac srp storeutl tsverifyversion x509 Message Digest commands (see the `dgst' command for more details) blake2b512blake2s256gost md4 md5 rmd160sha1 sha224 sha256sha3-224 sha3-256 sha3-384 sha3-512 sha384sha512sha512-224 sha512-256shake128 shake256 sm3 Cipher commands (see the `enc' command for more details) aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc aes-256-ecb aria-128-cbc aria-128-cfb aria-128-cfb1 aria-128-cfb8 aria-128-ctr aria-128-ecb aria-128-ofb aria-192-cbc aria-192-cfb aria-192-cfb1 aria-192-cfb8 aria-192-ctr aria-192-ecb aria-192-ofb aria-256-cbc aria-256-cfb aria-256-cfb1 aria-256-cfb8 aria-256-ctr aria-256-ecb aria-256-ofb base64 bfbf-cbcbf-cfbbf-ecb bf-ofbcamellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb camellia-256-cbc camellia-256-ecb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx rc2 rc2-40-cbcrc2-64-cbcrc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc4-40seed seed-cbc seed-cfb seed-ecb seed-ofb sm4-cbc sm4-cfb sm4-ctr sm4-ecb sm4-ofb root@officelink01:~# openssl speed -elapsed -evp aes-128-cbc You have chosen to measure elapsed time instead of user CPU time. Doing aes-128-cbc for 3s on 16 size blocks: 13905799 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 64 size blocks: 6572120 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 256 size blocks: 2254183 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 1024 size blocks: 623111 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 8192 size blocks: 80058 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 16384 size blocks: 40180 aes-128-cbc's in 3.00s OpenSSL 1.1.1d 10 Sep 2019 built on: Sat Oct 12 19:56:43 2019 UTC options:bn(64,64) rc4(8x,int) des(int) aes(partial) blowfish(ptr) compiler: gcc -fP
Re: how to pick cipher for AES-NI enabled AMD GX-412TC SOC tincd at 100% CPU
Hello everybody, Thank you Fufu Fang for your quick reply: With tinc version 1.0.35 and the bellow options at 100% CPu load i get about 10 MB/s... PMTU = 1400 PMTUDiscovery = yes #Cipher = none Cipher = chacha20-poly1305 Digest = blake2b512 Tried Cipher = none as well and also got 10MB/s with 100% CPU on one thread the other three available threads are idle. With inc_1.1~pre17-1.1_amd64.deb and libssl1.1:amd64 1.1.1d-0+deb10u2 I get the following error: Apr 04 19:03:19 officelink01 tincd[522]: Error while decrypting: error:060A7094:digital envelope routines:EVP_EncryptUpdate:invalid operation installation steps: wget http://ftp.nl.debian.org/debian/pool/main/t/tinc/tinc_1.1~pre17-1.1_amd64.deb dpkg -i tinc_1.1~pre17-1.1_amd64.deb apt-get -f install Any speed improvement ideas? Kind regards, Jelle On 2020-04-04 20:02, Jelle de Jong wrote: Hello everybody, First a big thanks for tinc-vpn I am still using it next to wireguard and openvpn. I am having a setup where the tinc debian appliance is at 100% cpu load doing about 7.5MB/s. Compression = 9 PMTU = 1400 PMTUDiscovery = yes Cipher = aes-128-cbc How can I pick a cipher that is the fasted for my CPU and don't create a CPU bottleneck at 100%. Kind regards, Jelle de Jong root@officelink01:~# lscpu Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Byte Order: Little Endian Address sizes: 40 bits physical, 48 bits virtual CPU(s): 4 On-line CPU(s) list: 0-3 Thread(s) per core: 1 Core(s) per socket: 4 Socket(s): 1 NUMA node(s): 1 Vendor ID: AuthenticAMD CPU family: 22 Model: 48 Model name: AMD GX-412TC SOC Stepping: 1 CPU MHz: 775.729 CPU max MHz: 1000. CPU min MHz: 600. BogoMIPS: 1996.08 Virtualization: AMD-V L1d cache: 32K L1i cache: 32K L2 cache: 2048K NUMA node0 CPU(s): 0-3 Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good acc_power nopl nonstop_tsc cpuid extd_apicid aperfmperf pni pclmulqdq monitor ssse3 cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt topoext perfctr_nb bpext ptsc perfctr_llc cpb hw_pstate ssbd vmmcall bmi1 xsaveopt arat npt lbrv svm_lock nrip_save tsc_scale flushbyasid decodeassists pausefilter pfthreshold overflow_recov root@officelink01:~# openssl help Standard commands asn1parse ca ciphers cms crl crl2pkcs7 dgst dhparam dsa dsaparam ec ecparam enc engine errstr gendsa genpkey genrsa help list nseq ocsp passwd pkcs12 pkcs7 pkcs8 pkey pkeyparam pkeyutl prime rand rehash req rsa rsautl s_client s_server s_time sess_id smime speed spkac srp storeutl ts verify version x509 Message Digest commands (see the `dgst' command for more details) blake2b512 blake2s256 gost md4 md5 rmd160 sha1 sha224 sha256 sha3-224 sha3-256 sha3-384 sha3-512 sha384 sha512 sha512-224 sha512-256 shake128 shake256 sm3 Cipher commands (see the `enc' command for more details) aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc aes-256-ecb aria-128-cbc aria-128-cfb aria-128-cfb1 aria-128-cfb8 aria-128-ctr aria-128-ecb aria-128-ofb aria-192-cbc aria-192-cfb aria-192-cfb1 aria-192-cfb8 aria-192-ctr aria-192-ecb aria-192-ofb aria-256-cbc aria-256-cfb aria-256-cfb1 aria-256-cfb8 aria-256-ctr aria-256-ecb aria-256-ofb base64 bf bf-cbc bf-cfb bf-ecb bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb camellia-256-cbc camellia-256-ecb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx rc2 rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc4-40 seed seed-cbc se
Re: how to pick cipher for AES-NI enabled AMD GX-412TC SOC tincd at 100% CPU
Hello everybody, I would also love to know how I can optimize my tinc setup so it goes faster without using 100% CPU load for 10MB/s... Kind regards, Jelle de Jong On 2020-04-04 21:33, Jelle de Jong wrote: Hello everybody, Thank you Fufu Fang for your quick reply: With tinc version 1.0.35 and the bellow options at 100% CPu load i get about 10 MB/s... PMTU = 1400 PMTUDiscovery = yes #Cipher = none Cipher = chacha20-poly1305 Digest = blake2b512 Tried Cipher = none as well and also got 10MB/s with 100% CPU on one thread the other three available threads are idle. With inc_1.1~pre17-1.1_amd64.deb and libssl1.1:amd64 1.1.1d-0+deb10u2 I get the following error: Apr 04 19:03:19 officelink01 tincd[522]: Error while decrypting: error:060A7094:digital envelope routines:EVP_EncryptUpdate:invalid operation installation steps: wget http://ftp.nl.debian.org/debian/pool/main/t/tinc/tinc_1.1~pre17-1.1_amd64.deb dpkg -i tinc_1.1~pre17-1.1_amd64.deb apt-get -f install Any speed improvement ideas? Kind regards, Jelle On 2020-04-04 20:02, Jelle de Jong wrote: Hello everybody, First a big thanks for tinc-vpn I am still using it next to wireguard and openvpn. I am having a setup where the tinc debian appliance is at 100% cpu load doing about 7.5MB/s. Compression = 9 PMTU = 1400 PMTUDiscovery = yes Cipher = aes-128-cbc How can I pick a cipher that is the fasted for my CPU and don't create a CPU bottleneck at 100%. Kind regards, Jelle de Jong root@officelink01:~# lscpu Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Byte Order: Little Endian Address sizes: 40 bits physical, 48 bits virtual CPU(s): 4 On-line CPU(s) list: 0-3 Thread(s) per core: 1 Core(s) per socket: 4 Socket(s): 1 NUMA node(s): 1 Vendor ID: AuthenticAMD CPU family: 22 Model: 48 Model name: AMD GX-412TC SOC Stepping: 1 CPU MHz: 775.729 CPU max MHz: 1000. CPU min MHz: 600. BogoMIPS: 1996.08 Virtualization: AMD-V L1d cache: 32K L1i cache: 32K L2 cache: 2048K NUMA node0 CPU(s): 0-3 Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good acc_power nopl nonstop_tsc cpuid extd_apicid aperfmperf pni pclmulqdq monitor ssse3 cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt topoext perfctr_nb bpext ptsc perfctr_llc cpb hw_pstate ssbd vmmcall bmi1 xsaveopt arat npt lbrv svm_lock nrip_save tsc_scale flushbyasid decodeassists pausefilter pfthreshold overflow_recov root@officelink01:~# openssl help Standard commands asn1parse ca ciphers cms crl crl2pkcs7 dgst dhparam dsa dsaparam ec ecparam enc engine errstr gendsa genpkey genrsa help list nseq ocsp passwd pkcs12 pkcs7 pkcs8 pkey pkeyparam pkeyutl prime rand rehash req rsa rsautl s_client s_server s_time sess_id smime speed spkac srp storeutl ts verify version x509 Message Digest commands (see the `dgst' command for more details) blake2b512 blake2s256 gost md4 md5 rmd160 sha1 sha224 sha256 sha3-224 sha3-256 sha3-384 sha3-512 sha384 sha512 sha512-224 sha512-256 shake128 shake256 sm3 Cipher commands (see the `enc' command for more details) aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc aes-256-ecb aria-128-cbc aria-128-cfb aria-128-cfb1 aria-128-cfb8 aria-128-ctr aria-128-ecb aria-128-ofb aria-192-cbc aria-192-cfb aria-192-cfb1 aria-192-cfb8 aria-192-ctr aria-192-ecb aria-192-ofb aria-256-cbc aria-256-cfb aria-256-cfb1 aria-256-cfb8 aria-256-ctr aria-256-ecb aria-256-ofb base64 bf bf-cbc bf-cfb bf-ecb bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb camellia-256-cbc camellia-256-ecb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb
[OT] slow transfer speed issue between two ppp based servers
Hello everybody, I know this is not directly a tinc issue, I am using the system to run a tinc bridge but the problem lies before tinc. This mail was also sent to the linux-ppp list. I wanted to share this mail with Guus. I am having a connection speed issue between two ppp based servers, and I have no idea what is going wrong and how to fix it. I would appreciated it if somebody with advanced networking skills can take a look at my attachments with tcpdumps and my analyse report. http://filebin.ca/hgnpt/tcpdumps.tar.gz I did not know a more suited mailing list for this issue. Many thanks in advance, Kind regards, Jelle  # this document describes my issue with a way to slow transfer speed # between my sammy server with pppoe g.shdsl and an alix05 server with # ppp hsdpa umts # two download tests, demonstrating that the alix05 server can download # with 250KB/s (umts hsdpa 3g) alix05:~# wget -cr http://ftp.nl.debian.org/debian/ls-lR.gz FINISHED --2010-01-10 18:26:01-- Downloaded: 1 files, 6.4M in 26s (252 KB/s) FINISHED --2010-01-10 18:30:31-- Downloaded: 1 files, 6.4M in 25s (258 KB/s) # one upload test to the sammy server, demonstrating that the alix05 # server can upload with 60KB/s and that the sammy server can download # with at least 60KB's (umts hsdpa 3g) alix05:~# scp ftp.nl.debian.org/debian/ls-lR.gz r...@sammy.somewhere.nl:/root/ 100% 6578KB 60.9KB/s 01:48 # one upload from the sammy server to the ashley server, demonstrating # that the sammy server can upload with 274KB/s. (g.shdsl) sammy:~# scp /root/ls-lR.gz r...@powercraft.nl:/root/ 100% 6578KB 274.1KB/s 00:24 ### THIS IS THE ISSUE, THE DOWNLOAD SPEED OF 17KB/s IS WAY TO LOW ### # one download from sammy server to alix05 server that is going to slow alix05:~# scp r...@sammy.somewhere.nl:/root/ls-lR.gz ls-lR.gz 100% 6578KB 17.4KB/s 06:19 # control test, downloading from the ashley server to demonstrate that # the alix05 is capable of download at least with 97KB/s with scp alix05:~# scp r...@powercraft.nl:/root/ls-lR.gz ls-lR.gz 100% 6578KB 96.7KB/s 01:08 r...@ashley:~# tcpdump port 22 and host 62.140.137.45 -i eth1 -n -vv | tee tcpdump-ashley-eth1.txt from alix05:~# scp r...@powercraft.nl:/root/ls-lR.gz ls-lR.gz 100% 6578KB 96.7KB/s 01:08 sammy:~# tcpdump port 22 and host 62.140.137.45 -i ppp0 -n -vv | tee tcpdump-sammy-ppp0.txt from alix05:~# scp r...@sammy.somewhere.nl:/root/ls-lR.gz ls-lR.g 100% 6578KB 13.9KB/s 07:52 # othertests: # scp r...@10.10.1.230:/root/ls-lR.gz ls-lR.g ___ tinc mailing list tinc@tinc-vpn.org http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
Re: tinc throughput on alix machines
Hi Michael, michael-dev wrote, on 17-03-10 01:36: > Does somebody have any numbers around on what one could expect on a > 500 Mhz machine using tinc with/without encryption or on what to > try out to improve throughput? I got a hole bunch of alix systems running with tinc to create a wan. I have no issues with the bandwidth throughput. I do not use the crypto unit since the openssl lib does not (yet) work with the hardware on debian gnu/linux. I use the following settings on the alix systems: Compression = 9 PMTU = 1400 PMTUDiscovery = yes # Cipher = aes-128-cbc I know for sure I can do 50Mbits up en down, and probably it can even go higher but have not tested this yet. Kind regards, Jelle ___ tinc mailing list tinc@tinc-vpn.org http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
Re: tinc throughput on alix machines
Michael Braun wrote, on 18-03-10 02:18: > I've tried disabling the cryptodev and replacing the kernel with a stock > debian one but this did not help. Though, it did help a very little bit > to decrease mtu size of the tinc device to 1400 (about 200Kb/sec). > > What OS / distribution are you running on your alix machines? I use debian stable on the alix machines and I am using a switch mode tinc setup with bridged interfaces. Are you sure the internet connections for your systems on all nodes of the device have enghough bandwidth. What is the performance of scp commands (can be checked with bwm-ng). Kind regards, Jelle ___ tinc mailing list tinc@tinc-vpn.org http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
