[Bismark-devel] initial openvpn results on capetown

Historic archive of defunct list bismark-devel@lists.bufferbloat.net
 help / color / mirror / Atom feed

From: Dave Taht <dave.taht@gmail.com>
To: bismark-devel@lists.bufferbloat.net
Subject: [Bismark-devel] initial openvpn results on capetown
Date: Sun, 29 May 2011 15:01:37 -0600	[thread overview]
Message-ID: <BANLkTi==v9RJnULy5fq7ufbJnSY7TidRrw@mail.gmail.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 1872 bytes --]

Using 1024 bit keys, openvpn over udp, an easy-rsa cert authority, using
certificates and a setup as per
http://openvpn.net/index.php/open-source/documentation/howto.html

(all the howtos on the web are obsolete, this one worked, I created a dir,
did a make install,
  and followed those instructions)

I hooked up 3 wndr3700 boxes in series for this test. I had to manually set
it up to
tunnel appropriately (it set up a tunnel to the wrong place, by default,
it's just a config
option I haven't figured out, or so I hope)

connected via jupiter (acting as an openvpn server)
                          |
                       leda  (acting as a router)
                          |
                       aitne  (acting as a client)

I get 19Mbits/second, using iperf. Obviously, using openvpn as a server on
these routers will not scale to a lot of users. However, 19Mbits is not bad,
for the clients, for a first try, and is
probably adversely effected by using a weak box as a server.

I'd be very interested to know if the clients can be made to work well
through NAT.

A ping

20:46:46.674942 IP 192.168.115.171.38804 > 192.168.22.1.openvpn: UDP, length
125
20:46:46.681440 IP 192.168.22.1.openvpn > 192.168.115.171.38804: UDP, length
125
20:46:47.675078 IP 192.168.115.171.38804 > 192.168.22.1.openvpn: UDP, length
125
20:46:47.681193 IP 192.168.22.1.openvpn > 192.168.115.171.38804: UDP, length
125
20:46:48.675203 IP 192.168.115.171.38804 > 192.168.22.1.openvpn: UDP, length
125
20:46:48.675818 IP 192.168.22.1.openvpn > 192.168.115.171.38804: UDP, length
125

I'd like to give strongswan a shot at some point as the basic ipsec-tools,
but I was
pleased this turned out so easy once I found a piece of doc that was up to
date.

-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://the-edge.blogspot.com

[-- Attachment #2: Type: text/html, Size: 2136 bytes --]

next             reply	other threads:[~2011-05-29 20:45 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-05-29 21:01 Dave Taht [this message]
2011-05-30 13:28 ` Dave Taht
2011-05-30 18:12   ` Dave Taht
2011-05-30 20:02     ` Walter de Donato
2011-05-30 22:43       ` Dave Taht
2011-05-30 23:06         ` Dave Taht
2011-05-31 14:52           ` Walter de Donato

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='BANLkTi==v9RJnULy5fq7ufbJnSY7TidRrw@mail.gmail.com' \
    --to=dave.taht@gmail.com \
    --cc=bismark-devel@lists.bufferbloat.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox