I got my (linux-based) laptop to punch through one layer of NAT just fine and resolved the routing problem below.

Is there a willing victim^H^H^H^H^H^H tester out there that could test how well mac support would work? I'd need to generate a cert and script that worked with this:

http://code.google.com/p/tunnelblick/

After running overnight, the openvpn server grew to about 8MB in size, and seems to have stabilized there.

On Sun, May 29, 2011 at 3:01 PM, Dave Taht wrote:

> Using 1024 bit keys, openvpn over udp, an easy-rsa cert authority, using
> certificates and a setup as per
> http://openvpn.net/index.php/open-source/documentation/howto.html
>
> (all the howtos on the web are obsolete, this one worked, I created a dir,
> did a make install, and followed those instructions)
>
> I hooked up 3 wndr3700 boxes in series for this test. I had to manually set
> it up to tunnel appropriately (it set up a tunnel to the wrong place, by
> default, it's just a config option I haven't figured out, or so I hope)
>
> connected via jupiter (acting as an openvpn server)
>      |
> leda (acting as a router)
>      |
> aitne (acting as a client)
>
> I get 19Mbits/second, using iperf. Obviously, using openvpn as a server on
> these routers will not scale to a lot of users. However, 19Mbits is not bad,
> for the clients, for a first try, and is probably adversely affected by
> using a weak box as a server.
>
> I'd be very interested to know if the clients can be made to work well
> through NAT.
>
> A ping
>
> 20:46:46.674942 IP 192.168.115.171.38804 > 192.168.22.1.openvpn: UDP, length 125
> 20:46:46.681440 IP 192.168.22.1.openvpn > 192.168.115.171.38804: UDP, length 125
> 20:46:47.675078 IP 192.168.115.171.38804 > 192.168.22.1.openvpn: UDP, length 125
> 20:46:47.681193 IP 192.168.22.1.openvpn > 192.168.115.171.38804: UDP, length 125
> 20:46:48.675203 IP 192.168.115.171.38804 > 192.168.22.1.openvpn: UDP, length 125
> 20:46:48.675818 IP 192.168.22.1.openvpn > 192.168.115.171.38804: UDP, length 125
>
> I'd like to give strongswan a shot at some point as the basic ipsec-tools,
> but I was pleased this turned out so easy once I found a piece of doc that
> was up to date.
>
> --
> Dave Täht
> SKYPE: davetaht
> US Tel: 1-239-829-5608
> http://the-edge.blogspot.com

--
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://the-edge.blogspot.com