Re: altq on tun0: queueing works, prioritization not?

2006-10-01 Thread Ulrich Spoerlein 
Ulrich Spoerlein wrote:
> This is definitely not what I would expect. Where is my error?

Oh well, I should have tried 'cbq' earlier. With the following settings
(renamed the queues)

altq on $ext_if cbq bandwidth 800Kb queue { q_pri, q_std }
queue q_pri priority 6 cbq(borrow)
queue q_std priority 1 cbq(default borrow)

I'm actually able to achieve some effect. The upload is capped at
70-80kB/s and the download will fluctuate between 580 and 750 kB/s.
Much better than the plain priority queuing.

As soon as I cut the upload, the download will jump back to
950-1000kB/s.

Is this discrepancy (pri vs. cbq) known?

Ulrich Spoerlein
-- 
A: Yes.
>Q: Are you sure?
> >A: Because it reverses the logical flow of conversation.
> >>Q: Why is top posting frowned upon?
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

altq on tun0: queueing works, prioritization not?

2006-10-01 Thread Ulrich Spoerlein 
Hello all,

I tried to set up TCP ACK prioritization with pf/altq as has been
described on various places of the internet.

It doesn't work as expected. I have a 16Mb/1Mb DSL link, the modem is
connected to a dc(4) device, I'm working with the tun0 device for my
firewall rules. Here they are:

ext_if="tun0"
scrub in all
altq on tun0 priq bandwidth 400Kb queue { std, http, ssh, dns, tcp_ack }

queue std priority 1 priq(default)
queue tcp_ack priority 6

pass out on $ext_if proto tcp from any to any queue(std, tcp_ack)


Please note that I tried various bandwidth settings, for testing
purposes I set it to a very very low 400kb.

When downloading from ftp.de.freebsd.org, I'm able to achieve roughly
950kB/s. If I then start an FTP upload (which will reach some 42kB/s, so
the 400kb bandwidth is in effect), the interface throughput drops down
to a mere 120kB/s.

The 400kb limit should also be low enough, as I'm able to upload to that
same ftp with up to 100kB/s if I turn off queueing.

This is definitely not what I would expect. Where is my error?

Ulrich Spoerlein
-- 
A: Yes.
>Q: Are you sure?
> >A: Because it reverses the logical flow of conversation.
> >>Q: Why is top posting frowned upon?
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

RE: Problems with OpenVPN+routing and creating tun0 interface

2006-09-22 Thread Marius Rex 
Václav Haisman wrote:
> Hi,
> I want to set up OpenVPN to create and configure tun0 interface and
> connect to OpenVPN server. The main obstacle seems to be my inability to
> configure either OpenVPN or FreeBSD to actually create that tun0 interface.
>
> If I try to create it manually I get this:
>
> $ ifconfig -v tun create inet 192.168.23.203 192.168.23.1
> ifconfig: SIOCIFCREATE: Invalid argument
>
> The kernel config has the "device tun" line and there are tun[0-3] in /dev.
>
> So what am I doing wrong?
>
> --
> Vaclav Haisman
>

I set up a new OpenVPN instance  last week on FreeBSD 5.4-stable.  The tun0 
device was auto-created by OpenVPN when I ran the init script.  (Of course it 
was in my kernel config first.)  I just have 'dev tun' in my OpenVPN 
configuration file.
 
To me, the funny thing is that I am running it on an older FreeBSD box because 
the Red Hat Enterprise 4 server I was given would not create a tun device 
whatever I did.  Just like you I could not create it by hand or have OpenVPN do 
it.  The OpenVPN server instance on the other side is a RHE4, and it worked 
automagically with no effort.  I used the same software to install it on both 
RHE instances, so it is all a bit fishy.
 
-
Marius M. Rex
Sr. System Admin
Community Connect Inc.
[EMAIL PROTECTED]

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Problems with OpenVPN+routing and creating tun0 interface

2006-09-22 Thread Mike Tancsa 

At 10:22 AM 9/22/2006, Václav Haisman wrote:

>
The problme was on the server, it had my address restricted in firewall.

I managed to make the tunnel. And I could ping the 192.168.23.1 address
from mine 192.168.23.4. I had to restart the serivce because I did some
changes to the OpenVPN client configuraton. Now I cannot ping again. But
according to tcpdump the connection is there. And I cannot even ping
mine 192.168.23.4. Missing routes or someting, after I restarted the serice?


Perhaps a better question to ask on the openvpn 
mailling list. But provide more details as to your config.


One FreeBSD tip with openvpn that I find helpful 
is to specify which tun device to use-- 
especially if you have other tun users like ppp 
or pppoe, is to create a specific interface and tell openvpn to use it.


On my boxes I do the following prior to starting up openvpn
cat /dev/null > /dev/tun101

and in openvpn, I tell it to use

dev tun101

---Mike 


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Problems with OpenVPN+routing and creating tun0 interface

2006-09-22 Thread Václav Haisman 


Václav Haisman wrote, On 22.9.2006 14:41:
> Hi,
> I want to set up OpenVPN to create and configure tun0 interface and
> connect to OpenVPN server. The main obstacle seems to be my inability to
> configure either OpenVPN or FreeBSD to actually create that tun0 interface.
> 
> If I try to create it manually I get this:
> 
> $ ifconfig -v tun create inet 192.168.23.203 192.168.23.1
> ifconfig: SIOCIFCREATE: Invalid argument
> 
> The kernel config has the "device tun" line and there are tun[0-3] in /dev.
> 
> So what am I doing wrong?
> 
> --
> Vaclav Haisman
> 
The problme was on the server, it had my address restricted in firewall.

I managed to make the tunnel. And I could ping the 192.168.23.1 address
from mine 192.168.23.4. I had to restart the serivce because I did some
changes to the OpenVPN client configuraton. Now I cannot ping again. But
according to tcpdump the connection is there. And I cannot even ping
mine 192.168.23.4. Missing routes or someting, after I restarted the serice?

--
VH



signature.asc
Description: OpenPGP digital signature

Re: Problems with OpenVPN+routing and creating tun0 interface

2006-09-22 Thread Jussi, Petteri Nummikko 
Václav Haisman wrote:
> Hi,
> I want to set up OpenVPN to create and configure tun0 interface and
> connect to OpenVPN server. The main obstacle seems to be my inability to
> configure either OpenVPN or FreeBSD to actually create that tun0 interface.
> 
> If I try to create it manually I get this:
> 
> $ ifconfig -v tun create inet 192.168.23.203 192.168.23.1
> ifconfig: SIOCIFCREATE: Invalid argument
> 
> The kernel config has the "device tun" line and there are tun[0-3] in /dev.
> 
> So what am I doing wrong?
> 
> --
> Vaclav Haisman
> 

I had the same problem in 6.0 but not anymore in 6.1. If I remember
correctly how I fixed it in 6.0, I just echoed null to /dev/tun0. But if
you already have those devices I'm not sure anymore. Are you specifying
the device in openvpn.con as "dev tun" or "dev tun[n]"? In 6.1 releng I
have only "dev tun" and it creates the device by itself. But in OpenBSD
I have to specify the device number also, even if there was just one of
them.
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Problems with OpenVPN+routing and creating tun0 interface

2006-09-22 Thread Dominic Marks 

Václav Haisman wrote:

Hi,
I want to set up OpenVPN to create and configure tun0 interface and
connect to OpenVPN server. The main obstacle seems to be my inability to
configure either OpenVPN or FreeBSD to actually create that tun0 interface.

If I try to create it manually I get this:

$ ifconfig -v tun create inet 192.168.23.203 192.168.23.1
ifconfig: SIOCIFCREATE: Invalid argument

The kernel config has the "device tun" line and there are tun[0-3] in /dev.

So what am I doing wrong?

--
Vaclav Haisman



I always let OpenVPN create them for me. Just starting the openvpn process
seems to do the magic. What happens when you try and do that?

Thanks,
Dominic
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Problems with OpenVPN+routing and creating tun0 interface

2006-09-22 Thread Václav Haisman 
Hi,
I want to set up OpenVPN to create and configure tun0 interface and
connect to OpenVPN server. The main obstacle seems to be my inability to
configure either OpenVPN or FreeBSD to actually create that tun0 interface.

If I try to create it manually I get this:

$ ifconfig -v tun create inet 192.168.23.203 192.168.23.1
ifconfig: SIOCIFCREATE: Invalid argument

The kernel config has the "device tun" line and there are tun[0-3] in /dev.

So what am I doing wrong?

--
Vaclav Haisman



signature.asc
Description: OpenPGP digital signature

Re: tun0

2000-12-20 Thread Roman Shterenzon 

Quoting Bill Fumerola <[EMAIL PROTECTED]>:

> On Tue, Dec 19, 2000 at 10:53:07AM -, G D McKee wrote:
> > Hi
> > 
> > In FreeBSD 4.1.1 tun0 device came up automatically on boot.  How can I
> configure this in 4.2?
> 
> It's there, its just not in your interfaces list until you use it.
> 
> If you don't believe me:
> 
>   dd if=/dev/tun0 of=/dev/null count=0
> 
Does it work?
I had to write my own program which even uses setitimer() to break out of read()
:)

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message

tun0

2000-12-19 Thread G D McKee 



Hi
 
In FreeBSD 4.1.1 tun0 device came up automatically 
on boot.  How can I configure this in 4.2?
 
G D McKee

Re: tun0: Warning: CHAP 0x81 not supported

2000-05-23 Thread Brian Somers 

> I believe that I found that the specs for MS Chap are not available, therefore I
> assumed that it was an incompatibility with there product created the error.  I
> posted a couple of questions to see if it was possible, without a response back.

I think they're available in the developr/rfc directory on M$ ftp site, 
but from what I can tell, most of M$ attempts at standards get rejected 
by the IETF because of built in kludges...

-- 
Brian <[EMAIL PROTECTED]>
     
Don't _EVER_ lose your sense of humour !




To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message

Re: tun0: Warning: CHAP 0x81 not supported

2000-05-23 Thread Michael Lucas 

Thanks to everyone who responded.

Some more data points, some requested and some not:

When I start pptp, I get:

proxybox~;pptp tunnel.website.att.net attpptp
(unknown)[214]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection 
established.
(unknown)[214]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call 
established.

proxybox~

It actually returned; that's not a ^C that brings me back to a command prompt.

I see a connection to the AT&T tunnel server:

proxybox~;sockstat
USER COMMANDPID   FD PROTO  LOCAL ADDRESS FOREIGN ADDRESS
root pptp   2144 tcp4   a.b.c.d.1025  135.145.11.129.172
root sshd   2084 tcp4   192.168.1.1.22192.168.1.200.1016

The AT&T server is Windows NT, 95, or 98.

I've added a route for the host we want to contact behind the PPTP server.

Lastly, shouldn't pptp bring up a tun interface?  Right now, I have:

[deleted other interfaces]
tun0: flags=8011 mtu 1500
proxybox~;

Thanks for any help!

==ml


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message

Re: tun0 lost in 4.0

2000-03-19 Thread Ben Smithurst 

Sergei Vyshenski wrote:

> Can not revive tun0 interface after moving to 4.0 from 3.4
> in a way that src/UPDATING teaches.
> 
> Kernel file has "pseudo-device   tun 1", kernel builds ok;
> ./MAKEDEV tun0 in /dev does not complain;
> but ifconfig says: "interface tun0 does not exist"
> 
> Actually, I need tun0 to accept incoming user-ppp,
> and would be happy to hear of workaround at least.

I have a feeling there's something funny about tun devices now, IIRC
hearing they're created on demand or something... What error is ppp(8)
giving you?

-- 
Ben Smithurst / [EMAIL PROTECTED] / PGP: 0x99392F7D


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message