Thread: Optimal MTU for Internet VPN
-
09-29-2010, 07:45 AM #1Newbie
- Join Date
- Oct 2009
- Posts
- 28
Optimal MTU for Internet VPN
Hi,
I am running a linux - Centos 5.4 server with PPTPd.
Users are able to connect to my server and surf the web.
However, download speeds are very slow (0.5MB on a 5MB line).
The server has a 1Gig connection to the internet so bandwidth is not an issue.
I was wondering what may be the reason for this and came to think of MTU size.
So what is the optimal MTU size for a pptp vpn?
Or are there any other possible causes for severe speed degradation?
I'm attaching current server configurations:
/etc/ppp/options.pptpd:
Code:
mtu 1428
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
noproxyarp
nobsdcomp
novj
novjccomp
nologfd
asyncmap 0
crtscts

Code:
/sbin/ip l s $1 mtu 1476
/sbin/ip l s $1 multicast off
/sbin/ip l s $1 allmulticast off

Code:
[root@30134 ~]# iptables -L -t filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pptp

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
Thanks,
J.
-
09-29-2010, 02:51 PM #2Temporarily Suspended
- Join Date
- Jan 2010
- Posts
- 28
Hi
What's the output from mii-tool or ethtool eth0 (or whichever interface connects to the internet)?
And the two locations, i.e. server and person downloading, where are they?
It may be that the server is connected at GigE but the route in between may be so bad that the max speed is only as good as those poor routes.
Also has it always been this way ? or just recently maybe after an upgrade.
Thanks
-
09-30-2010, 09:59 AM #3Web Hosting Master
- Join Date
- Apr 2003
- Location
- NC
- Posts
- 3,093
A larger MTU is good for large files and fast speeds. It sounds like your users are probably on slower connections so you will be better off with a lower MTU. As far as the optimal, I don't know, you could try a few different ones and see if it helps.
You may also look at the sysctl.conf and change the buffers.
It may also be something you can do little about; if the users are far away it may just be a limit of the ISPs between. Even if it didn't happen after an upgrade, if it's one specific group of users it might have been a route changed to a less optimal one for your situation.
John W, CISSP, C|EH
MS Information Security and Assurance
ITEagleEye.com - Server Administration and Security
Yawig.com - Managed VPS and Dedicated Servers with VIP Service
-
09-30-2010, 05:12 PM #4Aspiring Evangelist
- Join Date
- Oct 2009
- Posts
- 416
tcpdump will tell you if the MTU is indeed the problem or not. (Look for the F or fragmentation flag.)
Also check with your users that they are using their PC to connect to the VPN, not a WiFi router. Most home/soho routers lack the CPU power to do encryption at high speeds.
BTW, why did you turn off compression?
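As an added example (not part of the thread or any poster's code): a small classifier for the IPv4 header fields that show MTU trouble on a PPTP server, namely fragmented GRE packets (PPTP's data channel) and ICMP "fragmentation needed" replies carrying the next-hop MTU. The function names and the sample packets are constructed for illustration.

```python
import struct

GRE, ICMP, TCP = 47, 1, 6  # IP protocol numbers; PPTP tunnels user data in GRE

def classify(pkt: bytes) -> str:
    """Classify one raw IPv4 packet (no link-layer header) for MTU trouble."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4  # header length in bytes
    total_len, _ident, frag, _ttl, proto = struct.unpack("!HHHBB", pkt[2:10])
    df = bool(frag & 0x4000)       # Don't Fragment
    mf = bool(frag & 0x2000)       # More Fragments
    offset = (frag & 0x1FFF) * 8   # fragment offset in bytes
    if mf or offset:
        kind = "gre-fragment" if proto == GRE else "fragment"
        return f"{kind} offset={offset} len={total_len}"
    if proto == ICMP and len(pkt) >= ihl + 8:
        # ICMP type 3 code 4: destination unreachable, fragmentation needed
        # and DF set; RFC 1191 puts the next-hop MTU in header bytes 6-7.
        itype, icode, _csum, _unused, mtu = struct.unpack("!BBHHH", pkt[ihl:ihl + 8])
        if (itype, icode) == (3, 4):
            return f"frag-needed next-hop-mtu={mtu}"
    return "df-set" if df else "ok"

def ipv4(proto: int, frag: int, payload: bytes) -> bytes:
    """Build a constructed test packet (checksum 0, RFC 5737 addresses)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, frag, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

# Constructed samples: a 1500-byte GRE packet split in two, an ICMP
# fragmentation-needed reply, and an unfragmented TCP segment with DF set.
SAMPLES = [
    ipv4(GRE, 0x2000, b"\0" * 1480),
    ipv4(GRE, 185, b"\0" * 24),
    ipv4(ICMP, 0, struct.pack("!BBHHH", 3, 4, 0, 0, 1400)),
    ipv4(TCP, 0x4000, b"\0" * 20),
]

def report(packets):
    return [classify(p) for p in packets]

if __name__ == "__main__":
    for line in report(SAMPLES):
        print(line)
```
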
-
09-30-2010, 06:37 PM #5Newbie
- Join Date
- Oct 2009
- Posts
- 28
1. I'm actually not sure it's an MTU issue. I'm just guessing.
2. I have increased the buffers and the window sizes.
3. The ISPs are fine. I am able to download a file from the same server (the one that is used for the VPN) with fast speeds, while via VPN it reaches around 10% of the orig. speed.
-
09-30-2010, 06:41 PM #6Newbie
- Join Date
- Oct 2009
- Posts
- 28
[root@atlanta ~]# ethtool eth0
Settings for eth0:
Link detected: yes
- The server is in the US and the clients are all over the world.
- The speed is considerably lower than the route speed between clients and server. Windows clients consistently get speeds around 10% of their connection. Linux clients are doing better.
This happened after a reboot. But no upgrades. Before reboot all worked great.
-
09-30-2010, 06:43 PM #7Newbie
- Join Date
- Oct 2009
- Posts
- 28