[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Slow Performance with Windows Clients



I just finished some ftp transfer tests and the results weren't surprising (still slow on windows):

Mac OS X client >>> Linux server     w/out vpn     ~115 KB/s download
Mac OS X client >>> Linux server     w/ vpn     ~105 KB/s download
Windows XP client >>> Linux server     w/out vpn     ~100 KB/s download
Windows XP client >>> Linux server w/ vpn     ~55 KB/s download

Also I noticed some errors in the vpn log for windows:

Mon May 28 14:24:50 2007 OpenVPN 2.1_rc4 Win32-MinGW [SSL] [LZO2] built on Apr 25 2007
Mon May 28 14:24:50 2007 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon May 28 14:24:50 2007 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Mon May 28 14:24:50 2007 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May 28 14:24:50 2007 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May 28 14:24:50 2007 LZO compression initialized
Mon May 28 14:24:50 2007 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Mon May 28 14:24:50 2007 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Mon May 28 14:24:50 2007 Local Options hash (VER=V4): 'ee93268d'
Mon May 28 14:24:50 2007 Expected Remote Options hash (VER=V4): 'bd577cd1'
Mon May 28 14:24:50 2007 Attempting to establish TCP connection with x.x.x.238:443
Mon May 28 14:24:50 2007 TCP connection established with x.x.x.238:443
Mon May 28 14:24:50 2007 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon May 28 14:24:50 2007 TCPv4_CLIENT link local: [undef]
Mon May 28 14:24:50 2007 TCPv4_CLIENT link remote: x.x.x.238:443
Mon May 28 14:24:50 2007 TLS: Initial packet from x.x.x.238:443, sid=a2a5c356 281184ce
Mon May 28 14:24:53 2007 VERIFY OK: depth=1, /C=US/ST=OR/L=Halfway/O=VforVPN_/CN=box01/emailAddress=vforvpn@xxxxxxxxx
Mon May 28 14:24:53 2007 VERIFY OK: depth=0, /C=US/ST=OR/O=VforVPN_/OU=box01/CN=server/emailAddress= vforvpn@xxxxxxxxx
Mon May 28 14:24:58 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon May 28 14:24:58 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May 28 14:24:58 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon May 28 14:24:58 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May 28 14:24:58 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon May 28 14:24:58 2007 [server] Peer Connection Initiated with x.x.x.238:443
Mon May 28 14:24:59 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon May 28 14:25:00 2007 PUSH: Received control message: 'PUSH_REPLY,route x.x.x.129 255.255.255.248,redirect-gateway def1,dhcp-option DNS 208.67.222.222 ,dhcp-option DNS 208.67.220.220,route 10.197.187.1,topology net30,ping 10,ping-restart 120,ifconfig 10.197.187.6 10.197.187.5'
Mon May 28 14:25:00 2007 OPTIONS IMPORT: timers and/or timeouts modified
Mon May 28 14:25:00 2007 OPTIONS IMPORT: --ifconfig/up options modified
Mon May 28 14:25:00 2007 OPTIONS IMPORT: route options modified
Mon May 28 14:25:00 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon May 28 14:25:00 2007 TAP-WIN32 device [Local Area Connection 4] opened: \\.\Global\{B7E6D9BB-A4C7-4C5D-9984-0548D79E0D64}.tap
Mon May 28 14:25:00 2007 TAP-Win32 Driver Version 9.3
Mon May 28 14:25:00 2007 TAP-Win32 MTU=1500
Mon May 28 14:25:00 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.197.187.6/255.255.255.252 on interface {B7E6D9BB-A4C7-4C5D-9984-0548D79E0D64} [DHCP-serv: 10.197.187.5, lease-time: 31536000]
Mon May 28 14:25:00 2007 Successful ARP Flush on interface [3] {B7E6D9BB-A4C7-4C5D-9984-0548D79E0D64}
Mon May 28 14:25:05 2007 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Mon May 28 14:25:05 2007 Route: Waiting for TUN/TAP interface to come up...
Mon May 28 14:25:10 2007 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Mon May 28 14:25:10 2007 route ADD x.x.x.238 MASK 255.255.255.255 192.168.0.1
Mon May 28 14:25:10 2007 Route addition via IPAPI succeeded [adaptive]
Mon May 28 14:25:10 2007 route ADD 0.0.0.0 MASK 128.0.0.0 10.197.187.5
Mon May 28 14:25:10 2007 Route addition via IPAPI succeeded [adaptive]
Mon May 28 14:25:10 2007 route ADD 128.0.0.0 MASK 128.0.0.0 10.197.187.5
Mon May 28 14:25:10 2007 Route addition via IPAPI succeeded [adaptive]
Mon May 28 14:25:10 2007 route ADD x.x.x.129 MASK 255.255.255.248 10.197.187.5
Mon May 28 14:25:10 2007 Warning: address x.x.x.129 is not a network address in relation to netmask 255.255.255.248
Mon May 28 14:25:10 2007 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.   [status=87 if_index=3]
Mon May 28 14:25:10 2007 Route addition via IPAPI failed [adaptive]
Mon May 28 14:25:10 2007 Route addition fallback to route.exe
The route addition failed: The specified mask parameter is invalid. (Destination & Mask) != Destination.
Mon May 28 14:25:10 2007 route ADD 10.197.187.1 MASK 255.255.255.255 10.197.187.5
Mon May 28 14:25:10 2007 Route addition via IPAPI succeeded [adaptive]
Mon May 28 14:25:10 2007 Initialization Sequence Completed

x.x.x.238 is the openvpn server ingoing ip and x.x.x.129 is the gateway of the openvpn server


windows route before vpn:

===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

0x2 ...00 bd d7 43 58 ff ...... Realtek RTL8029(AS) PCI Ethernet Adapter - Packe

t Scheduler Miniport

0x3 ...00 ff b7 e6 d9 bb ...... TAP-Win32 Adapter V9 - Packet Scheduler Miniport



===========================================================================

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.6       20

        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1

      192.168.0.0    255.255.255.0      192.168.0.6     192.168.0.6       20

      192.168.0.6   255.255.255.255        127.0.0.1       127.0.0.1       20

    192.168.0.255   255.255.255.255      192.168.0.6     192.168.0.6       20

        224.0.0.0        240.0.0.0      192.168.0.6     192.168.0.6       20

  255.255.255.255  255.255.255.255      192.168.0.6     192.168.0.6       1

  255.255.255.255  255.255.255.255      192.168.0.6               3       1

Default Gateway:       192.168.0.1

===========================================================================

Persistent Routes:

  None





windows route during vpn:

===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

0x2 ...00 bd d7 43 58 ff ...... Realtek RTL8029(AS) PCI Ethernet Adapter - Packe

t Scheduler Miniport

0x3 ...00 ff b7 e6 d9 bb ...... TAP-Win32 Adapter V9 - Packet Scheduler Miniport



===========================================================================

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0        128.0.0.0     10.197.187.5    10.197.187.6       1

          0.0.0.0           0.0.0.0      192.168.0.1     192.168.0.6       20

     10.197.187.1  255.255.255.255     10.197.187.5    10.197.187.6       1

     10.197.187.4  255.255.255.252     10.197.187.6    10.197.187.6       30

     10.197.187.6  255.255.255.255        127.0.0.1       127.0.0.1       30

   10.255.255.255  255.255.255.255      10.197.187.6    10.197.187.6       30

   x.x.x.238  255.255.255.255      192.168.0.1     192.168.0.6       1

        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1

        128.0.0.0        128.0.0.0     10.197.187.5    10.197.187.6       1

      192.168.0.0    255.255.255.0      192.168.0.6     192.168.0.6        20

      192.168.0.6  255.255.255.255        127.0.0.1       127.0.0.1       20

    192.168.0.255  255.255.255.255      192.168.0.6     192.168.0.6       20

        224.0.0.0        240.0.0.0     10.197.187.6    10.197.187.6       30

        224.0.0.0        240.0.0.0      192.168.0.6     192.168.0.6       20

  255.255.255.255  255.255.255.255     10.197.187.6    10.197.187.6       1

  255.255.255.255  255.255.255.255      192.168.0.6     192.168.0.6       1

Default Gateway:      10.197.187.5

===========================================================================

Persistent Routes:

  None




Thanks!