How to explain packet loss inside VPN? The Next CEO of Stack OverflowHow to create an...

Legal workarounds for testamentary trust perceived as unfair

Does Germany produce more waste than the US?

What flight has the highest ratio of timezone difference to flight time?

Would a grinding machine be a simple and workable propulsion system for an interplanetary spacecraft?

Chain wire methods together in Lightning Web Components

Which one is the true statement?

What did we know about the Kessel run before the prequels?

Would this house-rule that treats advantage as a +1 to the roll instead (and disadvantage as -1) and allows them to stack be balanced?

Is it convenient to ask the journal's editor for two additional days to complete a review?

Is it ever safe to open a suspicious HTML file (e.g. email attachment)?

Are police here, aren't itthey?

How to invert MapIndexed on a ragged structure? How to construct a tree from rules?

What happened in Rome, when the western empire "fell"?

I want to delete every two lines after 3rd lines in file contain very large number of lines :

Is a distribution that is normal, but highly skewed considered Gaussian?

How to get from Geneva Airport to Metabief, Doubs, France by public transport?

Do I need to write [sic] when a number is less than 10 but isn't written out?

Is micro rebar a better way to reinforce concrete than rebar?

Why is information "lost" when it got into a black hole?

Can MTA send mail via a relay without being told so?

Newlines in BSD sed vs gsed

Domestic-to-international connection at Orlando (MCO)

Where do students learn to solve polynomial equations these days?

Why do remote US companies require working in the US?



How to explain packet loss inside VPN?



The Next CEO of Stack OverflowHow to create an (open)VPN connection to my routerSimple VPN Configuration for OpenWRTCan't ping specific IP via OpenVPNOpenVPN server's IP address when using VPN vs. LANIPSec VPN Routed LANsOpenvpn issue with reconnection and multiple clients in the same NATCan connect to VPN server with local but not with public IP - port forwarding issue?ASUS Router VPN client profile internet connection not working / is droppedCan DHCP requests leak information to my ISP while I am connected to a VPN?OpenVPN subnet can be accessed, but internet does not work












1















I run an OpenVPN server (2.3.4) on Debian Jessie on UDP (port 1194) with TAP. The link to the Internet is 100Mbit/s (symetric).



Client runs TunnelBlick (3.7.0 with OpenVPN 2.3.14) on a MacBookPro 2015 behind a residential cable modem with 100Mbit/s down and 5Mbit/s up.



I constantly monitor packet loss both inside and outside VPN between the server and the client using Smokeping. Here are two graphs:



Outside the VPN: 0.05% packet loss (Smokeping graph)



Inside the VPN : 5.26% packet loss (Smokeping graph)



Smokeping runs on the VPN server and is configured to probe the public IP (outside the VPN graph) and the VPN's internal IP (inside the VPN graph).



What could explain this difference?



Some more details:




  • CPU on the client is always lower than 50% and way lower than that on the server

  • Bandwidth usage on the server is generally between 10% and 30%

  • Server has 10-20 simultaneous clients connected, mostly Linux boxes, and I only observe this problem on two clients running macOS Sierra

  • Sometimes, when TunnelBlick is restarted on the client, packet loss inside the VPN matches what I see outside the VPN (~0%), but sometimes it is persistent across TunnelBlick restarts


Are there any obvious things you would test on this setup?










share|improve this question














bumped to the homepage by Community 13 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.




















    1















    I run an OpenVPN server (2.3.4) on Debian Jessie on UDP (port 1194) with TAP. The link to the Internet is 100Mbit/s (symetric).



    Client runs TunnelBlick (3.7.0 with OpenVPN 2.3.14) on a MacBookPro 2015 behind a residential cable modem with 100Mbit/s down and 5Mbit/s up.



    I constantly monitor packet loss both inside and outside VPN between the server and the client using Smokeping. Here are two graphs:



    Outside the VPN: 0.05% packet loss (Smokeping graph)



    Inside the VPN : 5.26% packet loss (Smokeping graph)



    Smokeping runs on the VPN server and is configured to probe the public IP (outside the VPN graph) and the VPN's internal IP (inside the VPN graph).



    What could explain this difference?



    Some more details:




    • CPU on the client is always lower than 50% and way lower than that on the server

    • Bandwidth usage on the server is generally between 10% and 30%

    • Server has 10-20 simultaneous clients connected, mostly Linux boxes, and I only observe this problem on two clients running macOS Sierra

    • Sometimes, when TunnelBlick is restarted on the client, packet loss inside the VPN matches what I see outside the VPN (~0%), but sometimes it is persistent across TunnelBlick restarts


    Are there any obvious things you would test on this setup?










    share|improve this question














    bumped to the homepage by Community 13 mins ago


    This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.


















      1












      1








      1








      I run an OpenVPN server (2.3.4) on Debian Jessie on UDP (port 1194) with TAP. The link to the Internet is 100Mbit/s (symetric).



      Client runs TunnelBlick (3.7.0 with OpenVPN 2.3.14) on a MacBookPro 2015 behind a residential cable modem with 100Mbit/s down and 5Mbit/s up.



      I constantly monitor packet loss both inside and outside VPN between the server and the client using Smokeping. Here are two graphs:



      Outside the VPN: 0.05% packet loss (Smokeping graph)



      Inside the VPN : 5.26% packet loss (Smokeping graph)



      Smokeping runs on the VPN server and is configured to probe the public IP (outside the VPN graph) and the VPN's internal IP (inside the VPN graph).



      What could explain this difference?



      Some more details:




      • CPU on the client is always lower than 50% and way lower than that on the server

      • Bandwidth usage on the server is generally between 10% and 30%

      • Server has 10-20 simultaneous clients connected, mostly Linux boxes, and I only observe this problem on two clients running macOS Sierra

      • Sometimes, when TunnelBlick is restarted on the client, packet loss inside the VPN matches what I see outside the VPN (~0%), but sometimes it is persistent across TunnelBlick restarts


      Are there any obvious things you would test on this setup?










      share|improve this question














      I run an OpenVPN server (2.3.4) on Debian Jessie on UDP (port 1194) with TAP. The link to the Internet is 100Mbit/s (symetric).



      Client runs TunnelBlick (3.7.0 with OpenVPN 2.3.14) on a MacBookPro 2015 behind a residential cable modem with 100Mbit/s down and 5Mbit/s up.



      I constantly monitor packet loss both inside and outside VPN between the server and the client using Smokeping. Here are two graphs:



      Outside the VPN: 0.05% packet loss (Smokeping graph)



      Inside the VPN : 5.26% packet loss (Smokeping graph)



      Smokeping runs on the VPN server and is configured to probe the public IP (outside the VPN graph) and the VPN's internal IP (inside the VPN graph).



      What could explain this difference?



      Some more details:




      • CPU on the client is always lower than 50% and way lower than that on the server

      • Bandwidth usage on the server is generally between 10% and 30%

      • Server has 10-20 simultaneous clients connected, mostly Linux boxes, and I only observe this problem on two clients running macOS Sierra

      • Sometimes, when TunnelBlick is restarted on the client, packet loss inside the VPN matches what I see outside the VPN (~0%), but sometimes it is persistent across TunnelBlick restarts


      Are there any obvious things you would test on this setup?







      networking vpn openvpn






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Feb 3 '17 at 9:20









      Dario SpagnoloDario Spagnolo

      62




      62





      bumped to the homepage by Community 13 mins ago


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







      bumped to the homepage by Community 13 mins ago


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
























          1 Answer
          1






          active

          oldest

          votes


















          0














          I suspect this is not the problem specific to OpenVPN server or client, but rather to MacOS Sierra. Googling "mac os sierra packet loss" gives a link dated Oct 13, 2016 named Connection drops in macOS Sierra. In your case with OpenVPN off not only the packets are lost, but also some packets have much longer Round Trip Time. Not 100% sure about this, but my guess would be that when you have OpenVPN on, if a later created packet arrived earlier than the earlier created packet, OpenVPN just decides that the earlier packet is lost without further waiting. Than is why with OpenVPN on the loss rate becomes higher. Or may be when ping is done inside OpenVPN encapsulation, the packets are bigger in size and become more sensitive to a bad connection. Try using



          proto tcp-server


          on the server side and



          proto tcp-client


          on the client side and see if the loss rate with OpenVPN becomes comparable to the loss rate without OpenVPN.






          share|improve this answer


























          • Thank you for your answer. So you suggest running the OpenVPN tunnel over TCP rather than UDP. I thought about this too but was reluctant due to the TCP-overt-TCP meltdown issue. I will give it a try anyway!

            – Dario Spagnolo
            Feb 3 '17 at 16:53











          • I would give it a try in order to see if this will reduce the packet loss rate. But you are right, tcp-over-tcp does have issues, including slower connection. So it depends on what you're using your openvpn tunnel for. If speed is more important, like in VoIP, I would continue using upd.

            – John Smith
            Feb 4 '17 at 3:41












          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1174759%2fhow-to-explain-packet-loss-inside-vpn%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          I suspect this is not the problem specific to OpenVPN server or client, but rather to MacOS Sierra. Googling "mac os sierra packet loss" gives a link dated Oct 13, 2016 named Connection drops in macOS Sierra. In your case with OpenVPN off not only the packets are lost, but also some packets have much longer Round Trip Time. Not 100% sure about this, but my guess would be that when you have OpenVPN on, if a later created packet arrived earlier than the earlier created packet, OpenVPN just decides that the earlier packet is lost without further waiting. Than is why with OpenVPN on the loss rate becomes higher. Or may be when ping is done inside OpenVPN encapsulation, the packets are bigger in size and become more sensitive to a bad connection. Try using



          proto tcp-server


          on the server side and



          proto tcp-client


          on the client side and see if the loss rate with OpenVPN becomes comparable to the loss rate without OpenVPN.






          share|improve this answer


























          • Thank you for your answer. So you suggest running the OpenVPN tunnel over TCP rather than UDP. I thought about this too but was reluctant due to the TCP-overt-TCP meltdown issue. I will give it a try anyway!

            – Dario Spagnolo
            Feb 3 '17 at 16:53











          • I would give it a try in order to see if this will reduce the packet loss rate. But you are right, tcp-over-tcp does have issues, including slower connection. So it depends on what you're using your openvpn tunnel for. If speed is more important, like in VoIP, I would continue using upd.

            – John Smith
            Feb 4 '17 at 3:41
















          0














          I suspect this is not the problem specific to OpenVPN server or client, but rather to MacOS Sierra. Googling "mac os sierra packet loss" gives a link dated Oct 13, 2016 named Connection drops in macOS Sierra. In your case with OpenVPN off not only the packets are lost, but also some packets have much longer Round Trip Time. Not 100% sure about this, but my guess would be that when you have OpenVPN on, if a later created packet arrived earlier than the earlier created packet, OpenVPN just decides that the earlier packet is lost without further waiting. Than is why with OpenVPN on the loss rate becomes higher. Or may be when ping is done inside OpenVPN encapsulation, the packets are bigger in size and become more sensitive to a bad connection. Try using



          proto tcp-server


          on the server side and



          proto tcp-client


          on the client side and see if the loss rate with OpenVPN becomes comparable to the loss rate without OpenVPN.






          share|improve this answer


























          • Thank you for your answer. So you suggest running the OpenVPN tunnel over TCP rather than UDP. I thought about this too but was reluctant due to the TCP-overt-TCP meltdown issue. I will give it a try anyway!

            – Dario Spagnolo
            Feb 3 '17 at 16:53











          • I would give it a try in order to see if this will reduce the packet loss rate. But you are right, tcp-over-tcp does have issues, including slower connection. So it depends on what you're using your openvpn tunnel for. If speed is more important, like in VoIP, I would continue using upd.

            – John Smith
            Feb 4 '17 at 3:41














          0












          0








          0







          I suspect this is not the problem specific to OpenVPN server or client, but rather to MacOS Sierra. Googling "mac os sierra packet loss" gives a link dated Oct 13, 2016 named Connection drops in macOS Sierra. In your case with OpenVPN off not only the packets are lost, but also some packets have much longer Round Trip Time. Not 100% sure about this, but my guess would be that when you have OpenVPN on, if a later created packet arrived earlier than the earlier created packet, OpenVPN just decides that the earlier packet is lost without further waiting. Than is why with OpenVPN on the loss rate becomes higher. Or may be when ping is done inside OpenVPN encapsulation, the packets are bigger in size and become more sensitive to a bad connection. Try using



          proto tcp-server


          on the server side and



          proto tcp-client


          on the client side and see if the loss rate with OpenVPN becomes comparable to the loss rate without OpenVPN.






          share|improve this answer















          I suspect this is not the problem specific to OpenVPN server or client, but rather to MacOS Sierra. Googling "mac os sierra packet loss" gives a link dated Oct 13, 2016 named Connection drops in macOS Sierra. In your case with OpenVPN off not only the packets are lost, but also some packets have much longer Round Trip Time. Not 100% sure about this, but my guess would be that when you have OpenVPN on, if a later created packet arrived earlier than the earlier created packet, OpenVPN just decides that the earlier packet is lost without further waiting. Than is why with OpenVPN on the loss rate becomes higher. Or may be when ping is done inside OpenVPN encapsulation, the packets are bigger in size and become more sensitive to a bad connection. Try using



          proto tcp-server


          on the server side and



          proto tcp-client


          on the client side and see if the loss rate with OpenVPN becomes comparable to the loss rate without OpenVPN.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Feb 3 '17 at 11:58

























          answered Feb 3 '17 at 11:51









          John SmithJohn Smith

          1387




          1387













          • Thank you for your answer. So you suggest running the OpenVPN tunnel over TCP rather than UDP. I thought about this too but was reluctant due to the TCP-overt-TCP meltdown issue. I will give it a try anyway!

            – Dario Spagnolo
            Feb 3 '17 at 16:53











          • I would give it a try in order to see if this will reduce the packet loss rate. But you are right, tcp-over-tcp does have issues, including slower connection. So it depends on what you're using your openvpn tunnel for. If speed is more important, like in VoIP, I would continue using upd.

            – John Smith
            Feb 4 '17 at 3:41



















          • Thank you for your answer. So you suggest running the OpenVPN tunnel over TCP rather than UDP. I thought about this too but was reluctant due to the TCP-overt-TCP meltdown issue. I will give it a try anyway!

            – Dario Spagnolo
            Feb 3 '17 at 16:53











          • I would give it a try in order to see if this will reduce the packet loss rate. But you are right, tcp-over-tcp does have issues, including slower connection. So it depends on what you're using your openvpn tunnel for. If speed is more important, like in VoIP, I would continue using upd.

            – John Smith
            Feb 4 '17 at 3:41

















          Thank you for your answer. So you suggest running the OpenVPN tunnel over TCP rather than UDP. I thought about this too but was reluctant due to the TCP-overt-TCP meltdown issue. I will give it a try anyway!

          – Dario Spagnolo
          Feb 3 '17 at 16:53





          Thank you for your answer. So you suggest running the OpenVPN tunnel over TCP rather than UDP. I thought about this too but was reluctant due to the TCP-overt-TCP meltdown issue. I will give it a try anyway!

          – Dario Spagnolo
          Feb 3 '17 at 16:53













          I would give it a try in order to see if this will reduce the packet loss rate. But you are right, tcp-over-tcp does have issues, including slower connection. So it depends on what you're using your openvpn tunnel for. If speed is more important, like in VoIP, I would continue using upd.

          – John Smith
          Feb 4 '17 at 3:41





          I would give it a try in order to see if this will reduce the packet loss rate. But you are right, tcp-over-tcp does have issues, including slower connection. So it depends on what you're using your openvpn tunnel for. If speed is more important, like in VoIP, I would continue using upd.

          – John Smith
          Feb 4 '17 at 3:41


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Super User!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1174759%2fhow-to-explain-packet-loss-inside-vpn%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Why not use the yoke to control yaw, as well as pitch and roll? Announcing the arrival of...

          Couldn't open a raw socket. Error: Permission denied (13) (nmap)Is it possible to run networking commands...

          VNC viewer RFB protocol error: bad desktop size 0x0I Cannot Type the Key 'd' (lowercase) in VNC Viewer...