I set up an OpenVpn Server & Client.
It's configured as IPv4 with IPv6 'inside'.
I'm trying to get ALL IPv6 traffic from the Client's LAN to go over the OpenVpn
link and out to & in from the net.
Right now I can ping from the Client OpenVpn box out over the vpn link via IPv6.
I can't ping from
Hello Selva
> Just guessing, is the server on a Linode? I had once briefly tested a similar
> setup and, for some reason, the throughput on ipv6 connections was very poor.
> Once your setup is working I would love to hear about the performance.
Yeah the Server that I'm getting access to is one
Hi Selva
ip -6 route
2600:x:x:4d00::/64 dev eth0 proto kernel metric 256 pref medium
2600:x:x:4dff::/64 dev tun1 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
Hi Selva
> Can you ping from the server to the router's 4d09::1 address?
From the shell on the REMOTE-SERVER, I CAN'T ping6 to the LOCAL-ROUTER's
internal eth1 interface IP
ping6 2600:x:x:4d09::1
PING 2600:x:x:4d09::1(2600:x:x:4d09::1) 56 data bytes
Just sits there
Hi Selva
> What about ip6tables settings on the router? On my asus router the default
> was to DROP all, so I had to change those.
I have explicit blanket ACCEPT all enabled with verbose logging for all the
prefixes we're dealing with :-/
- John
Some more info on what I see on the firewalls.
On the LOCAL-ROUTER, testing the 2 ping "types", with and without the added
address
"without"
ping6 -c1 2600:x:x:4dff::1
PING 2600:x:x:4dff::1(2600:x:x:4dff::1) 56 data bytes
64 bytes from 2600:x:x:4dff::1: i
> P.S. By the way, if you are doing this only for ipv6 traffic (ie.,
> encryption is not required), it's much easier to manage a 6in4 tunnel to the
> Linode. That's what I ended up doing although I still have some performance
> issues..
I can't because we figured out that the ISP blocks "protocol 4
On Fri, Aug 21, 2015, at 11:43 AM, Selva Nair wrote:
> So the packet is dropped by the VPN? I don't have access to my config right
> now, but may be an iroute is required in the config or ccd as in the ipv4
> case of routing LAN clients through VPN. Please check the man page on
> iroute.
I had adde
Crossed in the mail! :-)
On Fri, Aug 21, 2015, at 11:49 AM, Selva Nair wrote:
> > may be an iroute is required
>
> Just checked the man page -- it should be iroute-ipv6 in the ccd. I also
> realized you could use route-ipv6 in the same ccd file to set up the route
> to 4d09 in the system routing
Doing a quick & dirty (one run only) download comparison from my LAN (that's
behind the router, firewall, switch, etc etc).
In this test, the IPv4 traffic is going out locally, through my ISP, and the
IPv6 traffic is going over the VPN.
rm -f linux*tar.gz && \
time wget -4 --no-
I have a OpenVPN 2.3_git [git:master/291c227d2ccecaa9] client/server pair.
In both the Server & Client configs I have
sndbuf 0
rcvbuf 0
tun-mtu 1500
fragment 1300
mssfix
In the client's vpn logs I see these warnings
Fri Aug 21 18:03:45 2015 WARNIN
I got pointed to testing for good mtus
Dropping from 1500, these values give 0% packet loss
ping -M do -s 1472 -c 1 google.com
ping6 -M do -s 1452 -c 1 google.com
anything higher, 100% loss.
I read too MSS == MTU - 40
So for IPv4 MSS= 1432
Which I guess I set with
mssfix 1432
So wha
Hello Gert
On Sat, Aug 22, 2015, at 05:43 AM, Gert Doering wrote:
> mssfix will cover IPv4 and IPv6, and take the different header sizes
> for IPv6 into account. So you're good.
Ok thanks for clearing that up. :-)
Will all the OTHER *-ipv6* command versions that are talked about in the
manpage
Hello Gert
On Sat, Aug 22, 2015, at 05:34 AM, Gert Doering wrote:
> the last two can be automated by running radvd on the client, announcing
> an IPv6 default and prefix towards the LAN.
So far I got it all working without the radvd. But I did read about it. Once
I figure out about ULA address
I'm reading up on performance for different encryption types.
On my systems I can see the differences in speed you get with running
openssl speed ...
In the initial OpenVpn config that I was given for the Server I'm using there's
auth RSA-SHA512
auth-nocache
ciph
Hello Jan
On Sat, Aug 22, 2015, at 09:00 AM, Jan Just Keijser wrote:
> It depends a little on the hardware you're using
The server is a 4-core Linode VPS
Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz
cpu MHz : 2800.064
My router is a 4-core Atom box
model name : Intel(R) Atom(TM) CP
Hi Gert
On Sat, Aug 22, 2015, at 12:31 PM, Gert Doering wrote:
> I'd claim that for ~20Mbit/s., your Atom CPU is fast enough to do
> AES256 without saturating the CPU, so the cipher isn't the bottleneck.
>
> More likely the extra bytes and the extra delay introduced by OpenVPN
> causing the 18M-
Hi Gert
On Sat, Aug 22, 2015, at 12:57 PM, Gert Doering wrote:
> Jan Just is wondering since years why OpenVPN is "slow", but he's talking
> about "getting only 600Mbit out of a Gbit link" or such :-)
That would be nice!
> > 18M->15.5M is ~ a 14% slowdown. I don't know if that's as good as it g
I'm moving all IPv6 traffic from my LOCAL-ROUTER+LAN over a Vpn link to &
through a REMOTE-SERVER.
Seems to be working.
Checking my firewall logs on the REMOTE-SERVER I see
Aug 22 13:04:26 remote01 kernel: [78121.376357] FW:vpn12net:REJECT
IN=tun1 OUT=eth0 SRC=2600:x:x:4d09:::
Hi Jan
On Tue, Aug 25, 2015, at 01:38 PM, Jan Just Keijser wrote:
> Can you test it on your 16x3 connection (I actually don't know what kind
> of connection that is) *without* the 'fragment 0' setting and let us
> know the results?
The results above were actually with
sndbuf 0
rcvbuf 0
mssfix
On Tue, Aug 25, 2015, at 01:53 PM, Jan Just Keijser wrote:
> can you try it without the mssfix setting as well ?
(1)
SERVER
/openvpn.conf
...
mssfix 1432
...
iperf3 --server --port 56789 --bind 10.0.0.1
CLIENT
/openvpn.
I just did an iperf test with tcp, instead of udp. With tcp I get ~ 25-50%
more throughput.
That's using iperf.
I didn't test it yet using OpenVPN, since I've been told I should stick with
UDP anyway.
- John