[ale] VPN+wireless is *really* slow

Keith R. Watson keith.watson at gtri.gatech.edu
Mon Mar 17 09:26:03 EST 2003


At 08:43 PM 3/15/2003 -0700, you wrote:
>Hi folks,
>
>I've finally taught my Linux firewall and my WinXP box to talk to each
>other via IPsec over a wifi connection. Due to M$ idiocy, this
>involves tunnelling PPP in an L2TP tunnel which is in turn being piped
>through an IPsec tunnel; all this, as you might imagine, lends a whole
>new meaning to the phrase "configuration nightmare". What fun. Only
>took five days to get it right. But boy, when it started working I
>just about jumped out of my pants.
>
>However, I have a problem. My favorite thing to do with the XP box is
>to fire up VNCviewer and use my Linux boxen remotely. But here I am
>screwed, it seems. If I run the IPsec tunnel over a 10baseT
>connection, or if I run wifi with no IPsec, VNC works fine. But if I
>run my VNC session over IPsec+wifi, VNCviewer just sits there forever
>saying, "Please wait, initial screen loading." Tcpdump reveals that
>only a tiny fraction of the expected VNC traffic is actually leaving
>the server (which, incidentally, lives on my 10baseT LAN behind the
>IPsec<-->wireless firewall).
>
>I suspect this has something to do with MTUs and/or fragmentation, but
>I could be wrong, and my clue supply has run out. Any help?
>
>Thanks,
>
>-- Joe Knapka

Joe,

I've done some testing on the interaction of MTU and VPN traffic. Try 
lowering your MTU to 1000. If the problem clears up then you have an 
MTU/VPN conflict. If not then the problem lies elsewhere.

keith
-------------

Keith R. Watson                        GTRI/ITD
Systems Support Specialist III         Georgia Tech Research Institute
keith.watson at gtri.gatech.edu           Atlanta, GA  30332-0816
404-894-0836
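
The MTU test suggested above, as an added example that is not part of the original message: a calculator for how large one tunnelled packet becomes on the wire after PPP, L2TP and IPsec ESP encapsulation, and whether it then fits a 1500-byte link. Every header size and cipher parameter here is an assumption (ESP transport mode, 3DES-CBC, HMAC-SHA1-96, uncompressed PPP); the thread does not state what was negotiated.

```python
import math

# Assumed per-layer overheads in bytes (not from the thread; real values
# depend on the negotiated cipher and L2TP/PPP options).
OUTER_IP = 20     # outer IPv4 header without options
ESP_HDR = 8       # SPI + sequence number
ESP_IV = 8        # assumed 3DES-CBC IV
ESP_BLOCK = 8     # assumed 3DES-CBC block size
ESP_TRAILER = 2   # pad-length + next-header bytes
ESP_ICV = 12      # assumed HMAC-SHA1-96 integrity value
UDP_HDR = 8       # L2TP runs over UDP
L2TP_HDR = 8      # assumed L2TP data header with length field
PPP_HDR = 4       # assumed uncompressed PPP framing


def wire_size(inner_len):
    """Outer IP packet size for one inner packet, ESP transport mode."""
    plaintext = UDP_HDR + L2TP_HDR + PPP_HDR + inner_len + ESP_TRAILER
    pad = -plaintext % ESP_BLOCK          # pad up to the cipher block size
    return OUTER_IP + ESP_HDR + ESP_IV + plaintext + pad + ESP_ICV


def fragments(inner_len, link_mtu=1500):
    """Number of IP fragments the outer packet needs on the link."""
    per_frag = (link_mtu - OUTER_IP) // 8 * 8   # fragment payloads are 8-byte aligned
    return math.ceil((wire_size(inner_len) - OUTER_IP) / per_frag)


def max_inner_mtu(link_mtu=1500):
    """Largest inner packet that still fits in one outer packet."""
    inner = link_mtu
    while wire_size(inner) > link_mtu:
        inner -= 1
    return inner


if __name__ == "__main__":
    for mtu in (1500, 1000):
        print(mtu, wire_size(mtu), fragments(mtu))
    print("largest unfragmented inner MTU:", max_inner_mtu())
```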
