From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 49F563B2A4 for ; Tue, 21 Jan 2025 11:14:10 -0500 (EST) Received: by mail-pl1-x635.google.com with SMTP id d9443c01a7336-21654fdd5daso100750885ad.1 for ; Tue, 21 Jan 2025 08:14:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1737476049; x=1738080849; darn=lists.bufferbloat.net; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=6oEWhi8rkExqdyZr9Hob/hFwDYDTzCOuIfvCwz0HXCI=; b=a6eEEr+f6dTs0x4Ao14jGGds4wUUzbNxeX056hk5cjC6ArBi26p/uSioO3tB2CHSHO BTV8etiTakXL0EpTFDsGaQGTnWR/2uRpBiTmmlcvGfzfXL2qwuUgC6snRcjfuB5tbSDa pesXIg3lIi7OqyFJY60FEvXVuVveZW0aPhO4coW/ybm7FYZjO+uvCaMc5GwC45bMJn/8 vQTWv5Ojv5IzjdoLPVDdUA1MbtPVCWEdCC2QvKSvgCY28xuj6lixxIeGjPAOLphxMXFo sK0LSUD4vgM0MHL4kf77m+jiJo7rrhgx+L061kA3BSGnIbDZxThrcXpH2mE0e90aueaY u2/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1737476049; x=1738080849; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=6oEWhi8rkExqdyZr9Hob/hFwDYDTzCOuIfvCwz0HXCI=; b=KGbjBIm8UqHc8UvcjSgePE1IygbNQ2vHIh9rMLGRp9LcVgm1F4HdQ64uHmf91xm5Uh CWdBKWDAEwPtdh2DT7wa0zbSvIHfj9eJgmH+NUiSlj4gS6M+snRrxIurIIV3jqWruYoz SVlKwhbPUwLshV/QzyU6h2+GGytG2+dZiqrzvXEWpQ0RF73dH3fPe+ghpE5uong70W3G CinezIhi/nXgM+KS3hzgB1RXLwFiMLlwEacAF2lAlRNoQCbo+uybegxu452poVpUReev plD/kzaMEzRdxcqsrivw9VX52eDG8BzVtFsg9RtJpDybo1Dn8XkzznbsSPNzCpt6XlsN yYEQ== X-Gm-Message-State: AOJu0Yx8Wszpk13APJVMvk3j8R2+bp7QlC+mcjjlFZdBJJxPHwXERszN R27owQapDHra4L0utfoqqXetFVGYfcfVL2PIi6bfc3qv9Q2jQ62Amf0ZcQ== X-Gm-Gg: ASbGncv9FYbHSSisbhfzurZTVMkjFJ0f83d/27AkXFPOYYNEGIqSzduqRlMUlEJxata rMvzpgcwiDsA7t/DdU1hCl0LbQTFVqv74kxUtbWSafKGBc5eFpOl//CeyYVFbFbKsJzZQzmvrdu jkI+2zHVtHAI/DUHY/DI1axhs11IlayV5VTFfZ6tK3XJmN4TP61TyjN9UomqzporEmXYFL7oCiB ckrj+D2ealWaor+6NdOkxKaHaGo1/WfcaeY5L1+aC4giJZvQCWEjUAqBQUyda63/iyx2pR2yepD eIAAvCcqSWzs4P+n1xPYZfo3DchVySETewtWuAufT9BgAZTNPJs= X-Google-Smtp-Source: AGHT+IGdzHUQiJkAI0K17/5Eb6uvSM/YRuno20H38wxVI7seMdPOdU92Neh9NR1prq87wy5UW6tRcA== X-Received: by 2002:a17:903:910:b0:216:282d:c69b with SMTP id d9443c01a7336-21c35607c11mr246868595ad.50.1737476048678; Tue, 21 Jan 2025 08:14:08 -0800 (PST) Received: from ?IPV6:2600:1700:8ca0:c7ef:fd51:5aaa:9274:c835? ([2600:1700:8ca0:c7ef:fd51:5aaa:9274:c835]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21c2cea2caasm79688215ad.51.2025.01.21.08.14.07 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 21 Jan 2025 08:14:08 -0800 (PST) Message-ID: <5ce2978f-1b14-44af-8b89-69a17725c5c4@gmail.com> Date: Tue, 21 Jan 2025 08:14:07 -0800 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: David Lang Cc: starlink@lists.bufferbloat.net References: <269839o2-003o-1756-8r28-3on7q7nsrn54@ynat.uz> <36r7n950-4qs8-1p06-3595-95or55n5p181@ynat.uz> Content-Language: en-US From: Keith Simonsen In-Reply-To: <36r7n950-4qs8-1p06-3595-95or55n5p181@ynat.uz> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Starlink] starlink and VPN X-BeenThere: starlink@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Starlink has bufferbloat. Bad." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Jan 2025 16:14:10 -0000 On 1/21/2025 7:22 AM, David Lang wrote: > b. angel wrote: > >> David, >> >> I gave up on open VPN and starlink a while ago. I've implemented >> wireguard >> tunnels with success and reliability. > > did you end up having to do anything with MTU? Did you use TCP or UDP > for your transport? It's UDP only. Standard wireguard config. I have links using PFSense to PFSense, Mikrotik to PFSense and Mikrotik Mikrotik all with good performance and months long reliability. Both permanent site-site circuits and "road warrior" style. In PFSense when you set up a wireguard interface it sets the MTU to 1420 and MSS to 1380. This depends on your WAN link of course. If your clients are needing OpenVPN you can make a "jumpbox" to terminate the Starlink wireguard circuits and set up an OpenVPN server routing to them. I've implemented this setup for one location. > > David Lang Keith > >> Keith >> >> On Mon, Jan 20, 2025, 23:25 David Lang via Starlink < >> starlink@lists.bufferbloat.net> wrote: >> >>> has anyone done any work with openvpn over starlink (especially if they >>> got the >>> connectors to completely bypass the router)? >>> >>> I've got the basic connectivity working, but am having problems >>> trying to >>> get >>> openvpn to work (especially for traffic back through the cgnat to the >>> router on >>> the starlink side) >>> >>> the logs on the client are reporting link local: (not bound) when >>> trying >>> UDP, >>> when I try TCP (and clamp the mtu low) I can connect from the starlink >>> side (st >>> least sometimes) but cannot get the routing the other way to work >>> >>> David Lang >>> _______________________________________________ >>> Starlink mailing list >>> Starlink@lists.bufferbloat.net >>> https://lists.bufferbloat.net/listinfo/starlink >>> >>