On Mon, 26 Jun 2006, Damon McMahon wrote:

Greetings,

I have an OpenBSD 3.9-RELEASE wireless gateway using ral(4) in
Infrastructure mode to provide a wireless LAN secured using ESP. It is
connecting to the internet via IPv4 using kernel ppp(4) and pppd(8) -
not userland ppp(8) - and routing to IPv4 wireless clients using NAT
in pf.conf temporarily until I can arrange for ADSL.

After an initial burst of activity routed connections slow down to
something worse than a crawl. I have confirmed that activity between
the gateway and the internet i.e. just ppp(4) performs as expected,
and similarly activity between the gateway and wireless clients i.e.
just ESP over 802.11b performs as expected.

This leads me to hypothesise that the cause must be in the routing
between the two networks. Could this be a fragmentation issue? If
so/not does anyone have any suggestions? If my dmesg, pf.conf or IPsec
configuration files are required for diagnosis please let me know.

Thanks in advance,
Damon

Sounds like MTU to me.

There are two pf/scrub options you should play with:

max-mss no-df

Incoming ESP packets will probably have the DF flag set since you don't want fragmented IPSEC traffic. Those packets may be too large for your DSL interface and now they can't be fragmented. Or enforce outbound max-mss: set it to 1300 and see if that clears things up.

scrub in on $int_if all no-df max-mss 1300

See if a variation on that helps.
Good Luck!

                        -Matt-
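
Added example, not part of the original thread: the size arithmetic behind clamping the MSS when TCP traffic is carried inside ESP. It assumes ESP tunnel mode over IPv4, a 1500-byte MTU on the wireless segment, and two common transforms; the thread states none of these, so adjust the constants to the actual setup.

```python
# Added example: ESP tunnel-mode size arithmetic (RFC 4303 packet layout).
# All parameter values are assumptions; the thread does not state the
# cipher, the integrity algorithm, or the link MTUs in use.

IPV4_HDR = 20      # IPv4 header without options (outer and inner)
TCP_HDR = 20       # TCP header without options
ESP_HDR = 8        # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1)

# (IV bytes, cipher block bytes, ICV bytes) for two common transforms
TRANSFORMS = {
    "aes-cbc/hmac-sha1-96": (16, 16, 12),
    "3des-cbc/hmac-sha1-96": (8, 8, 12),
}

def esp_packet_size(inner_len, transform):
    """Size of the outer IPv4 packet carrying inner_len bytes in tunnel mode."""
    iv, block, icv = TRANSFORMS[transform]
    plaintext = inner_len + ESP_TRAILER
    padded = -(-plaintext // block) * block   # round up to the cipher block
    return IPV4_HDR + ESP_HDR + iv + padded + icv

def max_inner_packet(link_mtu, transform):
    """Largest inner packet whose ESP encapsulation still fits link_mtu."""
    iv, block, icv = TRANSFORMS[transform]
    room = link_mtu - (IPV4_HDR + ESP_HDR + iv + icv)
    return (room // block) * block - ESP_TRAILER

def max_safe_mss(link_mtu, transform):
    """Largest TCP MSS that keeps the ESP packet within link_mtu."""
    return max_inner_packet(link_mtu, transform) - IPV4_HDR - TCP_HDR

def fits(mss, link_mtu, transform):
    """True if a full-sized segment with this MSS needs no fragmentation."""
    return esp_packet_size(mss + IPV4_HDR + TCP_HDR, transform) <= link_mtu

if __name__ == "__main__":
    mtu = 1500  # assumed MTU of the wireless segment
    for name in TRANSFORMS:
        print(name, "max MSS:", max_safe_mss(mtu, name))
        for mss in (1460, 1300):
            size = esp_packet_size(mss + IPV4_HDR + TCP_HDR, name)
            print(f"  MSS {mss}: ESP packet {size} bytes, fits={fits(mss, mtu, name)}")
```

Under these assumptions a default 1460-byte MSS yields an ESP packet larger than 1500 bytes, while the suggested 1300 leaves headroom for either transform.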
