From: Dave Taht
To: bismark-devel@lists.bufferbloat.net
Date: Sun, 29 May 2011 15:01:37 -0600
Subject: [Bismark-devel] initial openvpn results on capetown

Using 1024 bit keys, openvpn over udp, an easy-rsa cert authority, using certificates and a setup as per http://openvpn.net/index.php/open-source/documentation/howto.html

(all the howtos on the web are obsolete, this one worked, I created a dir, did a make install, and followed those instructions)

I hooked up 3 wndr3700 boxes in series for this test. I had to manually set it up to tunnel appropriately (it set up a tunnel to the wrong place, by default, it's just a config option I haven't figured out, or so I hope)

connected via jupiter (acting as an openvpn server)
                         |
                      leda  (acting as a router)
                         |
                      aitne  (acting as a client)

I get 19Mbits/second, using iperf. Obviously, using openvpn as a server on these routers will not scale to a lot of users. However, 19Mbits is not bad, for the clients, for a first try, and is probably adversely affected by using a weak box as a server.

I'd be very interested to know if the clients can be made to work well through NAT.

A ping

20:46:46.674942 IP 192.168.115.171.38804 > 192.168.22.1.openvpn: UDP, length 125
20:46:46.681440 IP 192.168.22.1.openvpn > 192.168.115.171.38804: UDP, length 125
20:46:47.675078 IP 192.168.115.171.38804 > 192.168.22.1.openvpn: UDP, length 125
20:46:47.681193 IP 192.168.22.1.openvpn > 192.168.115.171.38804: UDP, length 125
20:46:48.675203 IP 192.168.115.171.38804 > 192.168.22.1.openvpn: UDP, length 125
20:46:48.675818 IP 192.168.22.1.openvpn > 192.168.115.171.38804: UDP, length 125

I'd like to give strongswan a shot at some point as the basic ipsec-tools, but I was pleased this turned out so easy once I found a piece of doc that was up to date.

-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://the-edge.blogspot.com
