I did some more testing on this. I managed to configure OpenVPN in
routing mode but using "tap" instead of "tun". This eliminates the bridge
entirely. I know this is probably not a normal config, but traffic flows
and routes properly.
However, I am *still* seeing the high ping times, and now it affects all
packets flowing to/from the vpn client, even to internal lan and Internet.
Does this sound like an OpenVPN problem or a tun problem when used in tap
mode (link0)? I think I've ruled out the bridging.
I noticed that the other person facing this problem with qemu is also
using tun0 in link0 mode.
My tun0 config:
tun0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
lladdr 00:bd:4c:a4:94:01
inet 192.168.223.1 netmask 0xffffff00 broadcast 192.168.223.255
inet6 fe80::2bd:4cff:fea4:9401%tun0 prefixlen 64 scopeid 0x38
Bryan
On Sun, 2 Dec 2007, Claudio Jeker wrote:
On Sun, Dec 02, 2007 at 10:25:14AM +0100, christian widmer wrote:
i've got a similar issue with virtual machines running within qemu.
i get terribly high ping times as high with huge variation between
guest and host. between guest an any other machine in the lan is ok.
probably the combination of tun and lo which triggers this behavior?
I'm using qemu a lot without big issues. My ping time is never really bad
but qemu is a userland daemon and so it fights with the rest of the
userland for CPU time.
Here a ping from qemu to the host:
--- 192.168.237.1 ping statistics ---
60 packets transmitted, 60 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.277/1.419/4.906/0.461 ms
//llx
On Saturday 01 December 2007 23.57:47 Bryan S. Leaman wrote:
I have a simple OpenVPN bridge environment set up:
<openvpn_client>---<tun0>--[OpenBSD]--<hme1>---<internal_lan>
<Internet>------------ <hme0>
* bridge0 contains tun0 and hme1
Connectivity and routing work as expected, but when I ping from the client
to the OpenBSD server, I get terribly high ping times as high as 3000ms
with huge variation. Yet the ping times from the client to a host on the
internal lan are <10ms. Basically any packets going between the VPN
client and the server itself have this problem. Packets passing through
the bridge from client to internal lan are not affected.
I am using OpenBSD 4.2 on sparc64, and I've tried OpenVPN 2.0.9 and
2.1rc4. But I also have the same issue on an older 3.8 box with OpenVPN
2.0.5, also sparc64.
Because of this problem, using the VPN server also as a default gateway to
the Internet is nearly impossible, as the response times are terrible.
Any idea what is going on? I've only seen one other report of this issue
but there was no solution discussed:
http://thread.gmane.org/gmane.network.openvpn.user/20541
Here are some sample pings:
C:\temp>ping -t 192.168.222.1 (pinging server from vpn client)
Pinging 192.168.222.1 with 32 bytes of data:
Reply from 192.168.222.1: bytes=32 time=140ms TTL=255
Reply from 192.168.222.1: bytes=32 time=821ms TTL=255
Reply from 192.168.222.1: bytes=32 time=271ms TTL=255
Reply from 192.168.222.1: bytes=32 time=648ms TTL=255
Reply from 192.168.222.1: bytes=32 time=447ms TTL=255
Reply from 192.168.222.1: bytes=32 time=18ms TTL=255
Reply from 192.168.222.1: bytes=32 time=45ms TTL=255
Reply from 192.168.222.1: bytes=32 time=414ms TTL=255
Reply from 192.168.222.1: bytes=32 time=649ms TTL=255
Reply from 192.168.222.1: bytes=32 time=1094ms TTL=255
Reply from 192.168.222.1: bytes=32 time=131ms TTL=255
Reply from 192.168.222.1: bytes=32 time=91ms TTL=255
Reply from 192.168.222.1: bytes=32 time=619ms TTL=255
Reply from 192.168.222.1: bytes=32 time=2154ms TTL=255
Reply from 192.168.222.1: bytes=32 time=3179ms TTL=255
Reply from 192.168.222.1: bytes=32 time=2310ms TTL=255
Reply from 192.168.222.1: bytes=32 time=1147ms TTL=255
Reply from 192.168.222.1: bytes=32 time=233ms TTL=255
Reply from 192.168.222.1: bytes=32 time=3030ms TTL=255
Reply from 192.168.222.1: bytes=32 time=4085ms TTL=255
Reply from 192.168.222.1: bytes=32 time=1500ms TTL=255
Reply from 192.168.222.1: bytes=32 time=845ms TTL=255
Reply from 192.168.222.1: bytes=32 time=64ms TTL=255
Reply from 192.168.222.1: bytes=32 time=611ms TTL=255
Ping statistics for 192.168.222.1:
Packets: Sent = 24, Received = 24, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 4085ms, Average = 1022ms
C:\temp>ping -t 192.168.222.10 (pinging internal host from vpn client)
Pinging 192.168.222.10 with 32 bytes of data:
Reply from 192.168.222.10: bytes=32 time=6ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=4ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=9ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=4ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=4ms TTL=254
Reply from 192.168.222.10: bytes=32 time=4ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=5ms TTL=254
Reply from 192.168.222.10: bytes=32 time=4ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Ping statistics for 192.168.222.10:
Packets: Sent = 19, Received = 19, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 9ms, Average = 3ms
Bryan
--
:wq Claudio
