How to explain packet loss inside VPN? The Next CEO of Stack OverflowHow to create an...
Legal workarounds for testamentary trust perceived as unfair
Does Germany produce more waste than the US?
What flight has the highest ratio of timezone difference to flight time?
Would a grinding machine be a simple and workable propulsion system for an interplanetary spacecraft?
Chain wire methods together in Lightning Web Components
Which one is the true statement?
What did we know about the Kessel run before the prequels?
Would this house-rule that treats advantage as a +1 to the roll instead (and disadvantage as -1) and allows them to stack be balanced?
Is it convenient to ask the journal's editor for two additional days to complete a review?
Is it ever safe to open a suspicious HTML file (e.g. email attachment)?
Are police here, aren't itthey?
How to invert MapIndexed on a ragged structure? How to construct a tree from rules?
What happened in Rome, when the western empire "fell"?
I want to delete every two lines after 3rd lines in file contain very large number of lines :
Is a distribution that is normal, but highly skewed considered Gaussian?
How to get from Geneva Airport to Metabief, Doubs, France by public transport?
Do I need to write [sic] when a number is less than 10 but isn't written out?
Is micro rebar a better way to reinforce concrete than rebar?
Why is information "lost" when it got into a black hole?
Can MTA send mail via a relay without being told so?
Newlines in BSD sed vs gsed
Domestic-to-international connection at Orlando (MCO)
Where do students learn to solve polynomial equations these days?
Why do remote US companies require working in the US?
How to explain packet loss inside VPN?
The Next CEO of Stack OverflowHow to create an (open)VPN connection to my routerSimple VPN Configuration for OpenWRTCan't ping specific IP via OpenVPNOpenVPN server's IP address when using VPN vs. LANIPSec VPN Routed LANsOpenvpn issue with reconnection and multiple clients in the same NATCan connect to VPN server with local but not with public IP - port forwarding issue?ASUS Router VPN client profile internet connection not working / is droppedCan DHCP requests leak information to my ISP while I am connected to a VPN?OpenVPN subnet can be accessed, but internet does not work
I run an OpenVPN server (2.3.4) on Debian Jessie on UDP (port 1194) with TAP. The link to the Internet is 100Mbit/s (symetric).
Client runs TunnelBlick (3.7.0 with OpenVPN 2.3.14) on a MacBookPro 2015 behind a residential cable modem with 100Mbit/s down and 5Mbit/s up.
I constantly monitor packet loss both inside and outside VPN between the server and the client using Smokeping. Here are two graphs:
Outside the VPN: 0.05% packet loss (Smokeping graph)
Inside the VPN : 5.26% packet loss (Smokeping graph)
Smokeping runs on the VPN server and is configured to probe the public IP (outside the VPN graph) and the VPN's internal IP (inside the VPN graph).
What could explain this difference?
Some more details:
- CPU on the client is always lower than 50% and way lower than that on the server
- Bandwidth usage on the server is generally between 10% and 30%
- Server has 10-20 simultaneous clients connected, mostly Linux boxes, and I only observe this problem on two clients running macOS Sierra
- Sometimes, when TunnelBlick is restarted on the client, packet loss inside the VPN matches what I see outside the VPN (~0%), but sometimes it is persistent across TunnelBlick restarts
Are there any obvious things you would test on this setup?
networking vpn openvpn
asked Feb 3 '17 at 9:20
Dario SpagnoloDario Spagnolo
62
bumped to the homepage by Community♦ 13 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I run an OpenVPN server (2.3.4) on Debian Jessie on UDP (port 1194) with TAP. The link to the Internet is 100Mbit/s (symetric).
Client runs TunnelBlick (3.7.0 with OpenVPN 2.3.14) on a MacBookPro 2015 behind a residential cable modem with 100Mbit/s down and 5Mbit/s up.
I constantly monitor packet loss both inside and outside VPN between the server and the client using Smokeping. Here are two graphs:
Outside the VPN: 0.05% packet loss (Smokeping graph)
Inside the VPN : 5.26% packet loss (Smokeping graph)
Smokeping runs on the VPN server and is configured to probe the public IP (outside the VPN graph) and the VPN's internal IP (inside the VPN graph).
What could explain this difference?
Some more details:
- CPU on the client is always lower than 50% and way lower than that on the server
- Bandwidth usage on the server is generally between 10% and 30%
- Server has 10-20 simultaneous clients connected, mostly Linux boxes, and I only observe this problem on two clients running macOS Sierra
- Sometimes, when TunnelBlick is restarted on the client, packet loss inside the VPN matches what I see outside the VPN (~0%), but sometimes it is persistent across TunnelBlick restarts
Are there any obvious things you would test on this setup?
networking vpn openvpn
asked Feb 3 '17 at 9:20
Dario SpagnoloDario Spagnolo
62
bumped to the homepage by Community♦ 13 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I run an OpenVPN server (2.3.4) on Debian Jessie on UDP (port 1194) with TAP. The link to the Internet is 100Mbit/s (symetric).
Client runs TunnelBlick (3.7.0 with OpenVPN 2.3.14) on a MacBookPro 2015 behind a residential cable modem with 100Mbit/s down and 5Mbit/s up.
I constantly monitor packet loss both inside and outside VPN between the server and the client using Smokeping. Here are two graphs:
Outside the VPN: 0.05% packet loss (Smokeping graph)
Inside the VPN : 5.26% packet loss (Smokeping graph)
Smokeping runs on the VPN server and is configured to probe the public IP (outside the VPN graph) and the VPN's internal IP (inside the VPN graph).
What could explain this difference?
Some more details:
- CPU on the client is always lower than 50% and way lower than that on the server
- Bandwidth usage on the server is generally between 10% and 30%
- Server has 10-20 simultaneous clients connected, mostly Linux boxes, and I only observe this problem on two clients running macOS Sierra
- Sometimes, when TunnelBlick is restarted on the client, packet loss inside the VPN matches what I see outside the VPN (~0%), but sometimes it is persistent across TunnelBlick restarts
Are there any obvious things you would test on this setup?
networking vpn openvpn
asked Feb 3 '17 at 9:20
Dario SpagnoloDario Spagnolo
62
I run an OpenVPN server (2.3.4) on Debian Jessie on UDP (port 1194) with TAP. The link to the Internet is 100Mbit/s (symetric).
Client runs TunnelBlick (3.7.0 with OpenVPN 2.3.14) on a MacBookPro 2015 behind a residential cable modem with 100Mbit/s down and 5Mbit/s up.
I constantly monitor packet loss both inside and outside VPN between the server and the client using Smokeping. Here are two graphs:
Outside the VPN: 0.05% packet loss (Smokeping graph)
Inside the VPN : 5.26% packet loss (Smokeping graph)
Smokeping runs on the VPN server and is configured to probe the public IP (outside the VPN graph) and the VPN's internal IP (inside the VPN graph).
What could explain this difference?
Some more details:
- CPU on the client is always lower than 50% and way lower than that on the server
- Bandwidth usage on the server is generally between 10% and 30%
- Server has 10-20 simultaneous clients connected, mostly Linux boxes, and I only observe this problem on two clients running macOS Sierra
- Sometimes, when TunnelBlick is restarted on the client, packet loss inside the VPN matches what I see outside the VPN (~0%), but sometimes it is persistent across TunnelBlick restarts
Are there any obvious things you would test on this setup?
networking vpn openvpn
networking vpn openvpn
asked Feb 3 '17 at 9:20
Dario SpagnoloDario Spagnolo
62
asked Feb 3 '17 at 9:20
Dario SpagnoloDario Spagnolo
62
asked Feb 3 '17 at 9:20
Dario SpagnoloDario Spagnolo
62
asked Feb 3 '17 at 9:20
Dario SpagnoloDario Spagnolo
62
asked Feb 3 '17 at 9:20
Dario SpagnoloDario Spagnolo
62
62
bumped to the homepage by Community♦ 13 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 13 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
I suspect this is not the problem specific to OpenVPN server or client, but rather to MacOS Sierra. Googling "mac os sierra packet loss" gives a link dated Oct 13, 2016 named Connection drops in macOS Sierra. In your case with OpenVPN off not only the packets are lost, but also some packets have much longer Round Trip Time. Not 100% sure about this, but my guess would be that when you have OpenVPN on, if a later created packet arrived earlier than the earlier created packet, OpenVPN just decides that the earlier packet is lost without further waiting. Than is why with OpenVPN on the loss rate becomes higher. Or may be when ping is done inside OpenVPN encapsulation, the packets are bigger in size and become more sensitive to a bad connection. Try using
proto tcp-server
on the server side and
proto tcp-client
on the client side and see if the loss rate with OpenVPN becomes comparable to the loss rate without OpenVPN.
answered Feb 3 '17 at 11:51
John SmithJohn Smith
1387
Thank you for your answer. So you suggest running the OpenVPN tunnel over TCP rather than UDP. I thought about this too but was reluctant due to the TCP-overt-TCP meltdown issue. I will give it a try anyway!
– Dario Spagnolo
Feb 3 '17 at 16:53
I would give it a try in order to see if this will reduce the packet loss rate. But you are right, tcp-over-tcp does have issues, including slower connection. So it depends on what you're using your openvpn tunnel for. If speed is more important, like in VoIP, I would continue using upd.
– John Smith
Feb 4 '17 at 3:41
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1174759%2fhow-to-explain-packet-loss-inside-vpn%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I suspect this is not the problem specific to OpenVPN server or client, but rather to MacOS Sierra. Googling "mac os sierra packet loss" gives a link dated Oct 13, 2016 named Connection drops in macOS Sierra. In your case with OpenVPN off not only the packets are lost, but also some packets have much longer Round Trip Time. Not 100% sure about this, but my guess would be that when you have OpenVPN on, if a later created packet arrived earlier than the earlier created packet, OpenVPN just decides that the earlier packet is lost without further waiting. Than is why with OpenVPN on the loss rate becomes higher. Or may be when ping is done inside OpenVPN encapsulation, the packets are bigger in size and become more sensitive to a bad connection. Try using
proto tcp-server
on the server side and
proto tcp-client
on the client side and see if the loss rate with OpenVPN becomes comparable to the loss rate without OpenVPN.
answered Feb 3 '17 at 11:51
John SmithJohn Smith
1387
Thank you for your answer. So you suggest running the OpenVPN tunnel over TCP rather than UDP. I thought about this too but was reluctant due to the TCP-overt-TCP meltdown issue. I will give it a try anyway!
– Dario Spagnolo
Feb 3 '17 at 16:53
I would give it a try in order to see if this will reduce the packet loss rate. But you are right, tcp-over-tcp does have issues, including slower connection. So it depends on what you're using your openvpn tunnel for. If speed is more important, like in VoIP, I would continue using upd.
– John Smith
Feb 4 '17 at 3:41
add a comment |
I suspect this is not the problem specific to OpenVPN server or client, but rather to MacOS Sierra. Googling "mac os sierra packet loss" gives a link dated Oct 13, 2016 named Connection drops in macOS Sierra. In your case with OpenVPN off not only the packets are lost, but also some packets have much longer Round Trip Time. Not 100% sure about this, but my guess would be that when you have OpenVPN on, if a later created packet arrived earlier than the earlier created packet, OpenVPN just decides that the earlier packet is lost without further waiting. Than is why with OpenVPN on the loss rate becomes higher. Or may be when ping is done inside OpenVPN encapsulation, the packets are bigger in size and become more sensitive to a bad connection. Try using
proto tcp-server
on the server side and
proto tcp-client
on the client side and see if the loss rate with OpenVPN becomes comparable to the loss rate without OpenVPN.
answered Feb 3 '17 at 11:51
John SmithJohn Smith
1387
Thank you for your answer. So you suggest running the OpenVPN tunnel over TCP rather than UDP. I thought about this too but was reluctant due to the TCP-overt-TCP meltdown issue. I will give it a try anyway!
– Dario Spagnolo
Feb 3 '17 at 16:53
I would give it a try in order to see if this will reduce the packet loss rate. But you are right, tcp-over-tcp does have issues, including slower connection. So it depends on what you're using your openvpn tunnel for. If speed is more important, like in VoIP, I would continue using upd.
– John Smith
Feb 4 '17 at 3:41
add a comment |
I suspect this is not the problem specific to OpenVPN server or client, but rather to MacOS Sierra. Googling "mac os sierra packet loss" gives a link dated Oct 13, 2016 named Connection drops in macOS Sierra. In your case with OpenVPN off not only the packets are lost, but also some packets have much longer Round Trip Time. Not 100% sure about this, but my guess would be that when you have OpenVPN on, if a later created packet arrived earlier than the earlier created packet, OpenVPN just decides that the earlier packet is lost without further waiting. Than is why with OpenVPN on the loss rate becomes higher. Or may be when ping is done inside OpenVPN encapsulation, the packets are bigger in size and become more sensitive to a bad connection. Try using
proto tcp-server
on the server side and
proto tcp-client
on the client side and see if the loss rate with OpenVPN becomes comparable to the loss rate without OpenVPN.
answered Feb 3 '17 at 11:51
John SmithJohn Smith
1387
I suspect this is not the problem specific to OpenVPN server or client, but rather to MacOS Sierra. Googling "mac os sierra packet loss" gives a link dated Oct 13, 2016 named Connection drops in macOS Sierra. In your case with OpenVPN off not only the packets are lost, but also some packets have much longer Round Trip Time. Not 100% sure about this, but my guess would be that when you have OpenVPN on, if a later created packet arrived earlier than the earlier created packet, OpenVPN just decides that the earlier packet is lost without further waiting. Than is why with OpenVPN on the loss rate becomes higher. Or may be when ping is done inside OpenVPN encapsulation, the packets are bigger in size and become more sensitive to a bad connection. Try using
proto tcp-server
on the server side and
proto tcp-client
on the client side and see if the loss rate with OpenVPN becomes comparable to the loss rate without OpenVPN.
answered Feb 3 '17 at 11:51
John SmithJohn Smith
1387
edited Feb 3 '17 at 11:58
answered Feb 3 '17 at 11:51
John SmithJohn Smith
1387
answered Feb 3 '17 at 11:51
John SmithJohn Smith
1387
answered Feb 3 '17 at 11:51
John SmithJohn Smith
1387
1387
Thank you for your answer. So you suggest running the OpenVPN tunnel over TCP rather than UDP. I thought about this too but was reluctant due to the TCP-overt-TCP meltdown issue. I will give it a try anyway!
– Dario Spagnolo
Feb 3 '17 at 16:53
I would give it a try in order to see if this will reduce the packet loss rate. But you are right, tcp-over-tcp does have issues, including slower connection. So it depends on what you're using your openvpn tunnel for. If speed is more important, like in VoIP, I would continue using upd.
– John Smith
Feb 4 '17 at 3:41
add a comment |
Thank you for your answer. So you suggest running the OpenVPN tunnel over TCP rather than UDP. I thought about this too but was reluctant due to the TCP-overt-TCP meltdown issue. I will give it a try anyway!
– Dario Spagnolo
Feb 3 '17 at 16:53
I would give it a try in order to see if this will reduce the packet loss rate. But you are right, tcp-over-tcp does have issues, including slower connection. So it depends on what you're using your openvpn tunnel for. If speed is more important, like in VoIP, I would continue using upd.
– John Smith
Feb 4 '17 at 3:41
Thank you for your answer. So you suggest running the OpenVPN tunnel over TCP rather than UDP. I thought about this too but was reluctant due to the TCP-overt-TCP meltdown issue. I will give it a try anyway!
– Dario Spagnolo
Feb 3 '17 at 16:53
Thank you for your answer. So you suggest running the OpenVPN tunnel over TCP rather than UDP. I thought about this too but was reluctant due to the TCP-overt-TCP meltdown issue. I will give it a try anyway!
– Dario Spagnolo
Feb 3 '17 at 16:53
I would give it a try in order to see if this will reduce the packet loss rate. But you are right, tcp-over-tcp does have issues, including slower connection. So it depends on what you're using your openvpn tunnel for. If speed is more important, like in VoIP, I would continue using upd.
– John Smith
Feb 4 '17 at 3:41
I would give it a try in order to see if this will reduce the packet loss rate. But you are right, tcp-over-tcp does have issues, including slower connection. So it depends on what you're using your openvpn tunnel for. If speed is more important, like in VoIP, I would continue using upd.
– John Smith
Feb 4 '17 at 3:41
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1174759%2fhow-to-explain-packet-loss-inside-vpn%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
