From: Dave Taht
To: bismark-devel@lists.bufferbloat.net
Date: Mon, 30 May 2011 07:28:25 -0600
Subject: Re: [Bismark-devel] initial openvpn results on capetown
List-Id: BISMark related software development

I got my (linux-based) laptop to punch through one layer of NAT just fine
and resolved the routing problem below.

Is there a willing victim^H^H^H^H^H^H tester out there that could test how
well mac support would work? I'd need to generate a cert and script that
worked with this:

http://code.google.com/p/tunnelblick/

After running overnight, the openvpn server grew to about 8MB in size, and
seems to have stabilized there.

On Sun, May 29, 2011 at 3:01 PM, Dave Taht wrote:

> Using 1024 bit keys, openvpn over udp, an easy-rsa cert authority, using
> certificates and a setup as per
> http://openvpn.net/index.php/open-source/documentation/howto.html
>
> (all the howtos on the web are obsolete, this one worked, I created a dir,
> did a make install, and followed those instructions)
>
> I hooked up 3 wndr3700 boxes in series for this test. I had to manually set
> it up to tunnel appropriately (it set up a tunnel to the wrong place, by
> default, it's just a config option I haven't figured out, or so I hope)
>
> connected via jupiter (acting as an openvpn server)
>                          |
>                       leda  (acting as a router)
>                          |
>                       aitne  (acting as a client)
>
> I get 19Mbits/second, using iperf. Obviously, using openvpn as a server on
> these routers will not scale to a lot of users. However, 19Mbits is not bad,
> for the clients, for a first try, and is probably adversely affected by
> using a weak box as a server.
>
> I'd be very interested to know if the clients can be made to work well
> through NAT.
>
> A ping
>
> 20:46:46.674942 IP 192.168.115.171.38804 > 192.168.22.1.openvpn: UDP, length 125
> 20:46:46.681440 IP 192.168.22.1.openvpn > 192.168.115.171.38804: UDP, length 125
> 20:46:47.675078 IP 192.168.115.171.38804 > 192.168.22.1.openvpn: UDP, length 125
> 20:46:47.681193 IP 192.168.22.1.openvpn > 192.168.115.171.38804: UDP, length 125
> 20:46:48.675203 IP 192.168.115.171.38804 > 192.168.22.1.openvpn: UDP, length 125
> 20:46:48.675818 IP 192.168.22.1.openvpn > 192.168.115.171.38804: UDP, length 125
>
> I'd like to give strongswan a shot at some point as the basic ipsec-tools,
> but I was pleased this turned out so easy once I found a piece of doc that
> was up to date.
>
> --
> Dave Täht
> SKYPE: davetaht
> US Tel: 1-239-829-5608
> http://the-edge.blogspot.com

-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://the-edge.blogspot.com

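Added example, not part of the original message: the quoted capture shows only the outer OpenVPN datagrams (the tunnelled ping is encrypted inside each 125-byte UDP payload), so round-trip time through the tunnel can be estimated only by pairing each client-to-server datagram with the next reply on the same flow. The function names and the `.openvpn` service-name suffix parameter are choices made for this sketch, and the pairing assumes one request in flight per flow, as with a one-per-second ping.

```python
import re

# The six lines of the capture quoted in the message, unwrapped.
CAPTURE = """\
20:46:46.674942 IP 192.168.115.171.38804 > 192.168.22.1.openvpn: UDP, length 125
20:46:46.681440 IP 192.168.22.1.openvpn > 192.168.115.171.38804: UDP, length 125
20:46:47.675078 IP 192.168.115.171.38804 > 192.168.22.1.openvpn: UDP, length 125
20:46:47.681193 IP 192.168.22.1.openvpn > 192.168.115.171.38804: UDP, length 125
20:46:48.675203 IP 192.168.115.171.38804 > 192.168.22.1.openvpn: UDP, length 125
20:46:48.675818 IP 192.168.22.1.openvpn > 192.168.115.171.38804: UDP, length 125
"""

LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d)\.(\d{6}) IP (\S+) > (\S+): UDP, length (\d+)$"
)
DAY_US = 24 * 3600 * 1_000_000  # tcpdump's default timestamp carries no date


def parse(text):
    """Yield (microseconds since midnight, src, dst, length) per UDP line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue  # skip anything that is not a one-line UDP summary
        h, mi, s, us = (int(g) for g in m.group(1, 2, 3, 4))
        t = ((h * 60 + mi) * 60 + s) * 1_000_000 + us
        yield t, m.group(5), m.group(6), int(m.group(7))


def round_trips_us(text, server_suffix=".openvpn"):
    """Pair request and reply datagrams per flow; return RTTs in microseconds."""
    pending = {}  # (client endpoint, server endpoint) -> send time
    rtts = []
    for t, src, dst, _length in parse(text):
        if dst.endswith(server_suffix):
            pending[(src, dst)] = t  # newest unanswered request wins
        elif src.endswith(server_suffix) and (dst, src) in pending:
            # Integer arithmetic avoids float rounding; the modulo handles
            # a capture that crosses midnight.
            rtts.append((t - pending.pop((dst, src))) % DAY_US)
    return rtts


if __name__ == "__main__":
    print(round_trips_us(CAPTURE))
```

If the capture was taken with `tcpdump -n`, the port appears as a number rather than a service name, so pass the numeric suffix as `server_suffix` instead.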