Re: [Openvpn-users] Baffling Performance Problems, Any Debugging Ideas?

  Subject: Re: [Openvpn-users] Baffling Performance Problems, Any Debugging Ideas?
  From: Erich Titl <erich.titl@xxxxxxxx>
  Date: Thu, 20 Dec 2007 11:47:37 +0000


Blake Watters wrote:
> I am deploying OpenVPN for the forth time in a production setting and  
> I am having a baffling set of performance issues that I am totally out  
> of ideas for debugging. Here's the situation:
> I have two geographically separate clusters of machines, one in a data  
> center and one inside our development teams offices. Each cluster  
> consists of several machines running Linux Xen with a number of VM's  
> inside the machines. On each end I have a VM running OpenVPN over UDP  
> in routed persistent tun mode with TLS. In the data center I have a  
> pair of NetScreen 50's handling the routing -- they have reverse  
> routes configured back to the VPN IP block and the remote LAN. In the  
> office, I have a brand new Linksys with the opposite configuration.  
> Everything seems happy. Until I start rsyncing or scp'ing data across  
> the pipe.
> No matter what I do, I can't get the performance into anything beyond  
> an absolute joke. I see between 4 and 20k a second data transfers --  
> its ridiculous. I've tried changing MTU's, experimented with TCP,  
> checked the results from different endpoints across the connection,  
> looked at fragmentation settings, everything I can think of. I've  
> successfully run VoIP over OpenVPN with far less substantial hardware,  
> so I must be missing some key bit data point here or just be so  
> cracked out after 10 hours of fighting with it that I am missing  
> something obvious.
> Anybody have any ideas what could pull the performance down to such  
> abysmal levels? 

Xen ???

Have you tried _real_ machines for the OpenVPN endpoints?



