[ale] VPN+wireless is *really* slow
James P. Kinney III
jkinney at localnetsolutions.com
Sun Mar 16 10:29:08 EST 2003
Joe,
All the assorted tunneling add packet overhead to a slow link. There is
a compression flag on vnc that might help.
Also, the ipsec stuff can be tunneled directly without all the other
layers. see:
http://www.natecarlson.com/linux/ipsec-x509.php
and the link there for ipsec tool.
On Sat, 2003-03-15 at 22:43, Joe wrote:
> Hi folks,
>
> I've finally taught my Linux firewall and my WinXP box to talk to each
> other via IPsec over a wifi connection. Due to M$ idiocy, this
> involves tunnelling PPP in an L2TP tunnel which is in turn being piped
> through an IPsec tunnel; all this, as you might imagine, lends a whole
> new meaning to the phrase "configuration nightmare". What fun. Only
> took five days to get it right. But boy, when it started working I
> just about jumped out of my pants.
>
> However, I have a problem. My favorite thing to do with the XP box is
> to fire up VNCviewer and use my Linux boxen remotely. But here I am
> screwed, it seems. If I run the IPsec tunnel over a 10baseT
> connection, or if I run wifi with no IPsec, VNC works fine. But if I
> run my VNC session over IPsec+wifi, VNCviewer just sits there forever
> saying, "Please wait, initial screen loading." Tcpdump reveals that
> only a tiny fraction of the expected VNC traffic is actually leaving
> the server (which, incidentaly, lives on my 10baseT LAN behind the
> IPsec<-->wireless firewall).
>
> I suspect this has something to do with MTUs and/or fragmentation, but
> I could be wrong, and my clue supply has run out. Any help?
>
> Thanks,
>
> -- Joe Knapka
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
--
James P. Kinney III \Changing the mobile computing world/
CEO & Director of Engineering \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
http://www.localnetsolutions.com
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics) <jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
This is a digitally signed message part
More information about the Ale
mailing list