[ale] VPN+wireless is *really* slow
Joe
jknapka at earthlink.net
Mon Mar 17 10:17:13 EST 2003
"Keith R. Watson" <keith.watson at gtri.gatech.edu> writes:
> At 08:43 PM 3/15/2003 -0700, you wrote:
> >Hi folks,
> >
> >I've finally taught my Linux firewall and my WinXP box to talk to each
> >other via IPsec over a wifi connection. Due to M$ idiocy, this
> >involves tunnelling PPP in an L2TP tunnel which is in turn being piped
> >through an IPsec tunnel; all this, as you might imagine, lends a whole
> >new meaning to the phrase "configuration nightmare". What fun. Only
> >took five days to get it right. But boy, when it started working I
> >just about jumped out of my pants.
> >
> >However, I have a problem. My favorite thing to do with the XP box is
> >to fire up VNCviewer and use my Linux boxen remotely. But here I am
> >screwed, it seems. If I run the IPsec tunnel over a 10baseT
> >connection, or if I run wifi with no IPsec, VNC works fine. But if I
> >run my VNC session over IPsec+wifi, VNCviewer just sits there forever
> >saying, "Please wait, initial screen loading." Tcpdump reveals that
> >only a tiny fraction of the expected VNC traffic is actually leaving
> >the server (which, incidentaly, lives on my 10baseT LAN behind the
> >IPsec<-->wireless firewall).
> >
> >I suspect this has something to do with MTUs and/or fragmentation, but
> >I could be wrong, and my clue supply has run out. Any help?
> >
> >Thanks,
> >
> >-- Joe Knapka
>
> Joe,
>
> I've done some testing on the interaction of MTU and VPN traffic. Try
> lowering your MTU to 1000. If the problem clears up then you have an
> MTU/VPN conflict. If not then the problem lies elsewhere.
Thanks, Keith.
Setting the MTU to 800 on the VNC server box made everything work.
The VNC server is running on a Slack 8.1 box with a stock kernel,
and *every* packet that come out of that box has the "Don't Fragment"
bit set. I wonder why that would be?
Thanks,
-- Joe Knapka
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list