Optimal MTU for Internet VPN

  #1  
Newbie
 
Join Date: Oct 2009
Posts: 28

Optimal MTU for Internet VPN


Hi,

I am running a Linux - CentOS 5.4 server with PPTPd.
Users are able to connect to my server and surf the web.
However, download speeds are very slow (0.5MB on a 5MB line).
The server has a 1Gig connection to the internet so bandwidth is not an issue.

I was wondering what may be the reason for this and came to think of MTU size.
So what is the optimal MTU size for a PPTP VPN?
Or are there any other possible causes for severe speed degradation?

I'm attaching current server configurations:

/etc/ppp/options.pptpd:
Code:
mtu 1428
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
noproxyarp
nobsdcomp
novj
novjccomp
nologfd
asyncmap 0
crtscts

/etc/ppp/ip-up.local:
Code:
/sbin/ip l s $1 mtu 1476
/sbin/ip l s $1 multicast off
/sbin/ip l s $1 allmulticast off

iptables -L -t filter:
Code:
[root@30134 ~]# iptables -L -t filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pptp

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU

Please help!

Thanks,
J.



  #2  
Temporarily Suspended
 
Join Date: Jan 2010
Posts: 28
Hi

What's the output from mii-tool or ethtool eth0 (or whichever interface connects to the internet)?

And the two locations, i.e. server and person downloading, where are they?

It may be that the server is connected at GigE but the route in between may be so bad that the max speed is only as good as those poor routes.

Also, has it always been this way? Or just recently, maybe after an upgrade?

Thanks

  #3  
Web Hosting Master
 
Join Date: Apr 2003
Location: NC
Posts: 2,971
A larger MTU is good for large files and fast speeds. It sounds like your users are probably on slower connections, so you will be better off with a lower MTU. As far as the optimal, I don't know; you could try a few different ones and see if it helps.

You may also look at sysctl.conf and at changing the buffers.

It may also be something you can do little about: if the users are far away, it may just be a limit of the ISPs in between. Even if it didn't happen after an upgrade, if it's one specific group of users, it might have been a route changed to a less optimal one for your situation.

__________________
John W, CISSP, C|EH
MS Information Security and Assurance
ITEagleEye.com - Server Administration and Security
Yawig.com - Managed VPS and Dedicated Servers with VIP Service

  #4  
Aspiring Evangelist
 
Join Date: Oct 2009
Posts: 394
tcpdump will tell you if the MTU is indeed the problem or not. (Look for the F or fragmentation flag.)

Also check with your users that they are using their PC to connect to the VPN, not a WiFi router. Most home/SOHO routers lack the CPU power to do encryption at high speeds.

BTW, why did you turn off compression?
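
Added example, not part of the original thread: a small Python check for the two MTU symptoms visible at the IP layer of a capture, namely fragmented packets (MF bit or non-zero fragment offset) and ICMP "fragmentation needed" replies (type 3, code 4). The helper names `ipv4`, `classify` and `scan` are illustrative, and the sample packets are constructed header-only test data using documentation addresses.

```python
import struct

GRE, ICMP = 47, 1  # IP protocol numbers; PPTP carries its PPP frames inside GRE


def ipv4(proto, total_len, flags=0, frag_off=0, payload=b""):
    """Build a 20-byte IPv4 header (constructed test data, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1,
                       (flags << 13) | frag_off, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload


def classify(pkt):
    """Return an MTU-related finding for one raw IPv4 packet, or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, flags_frag = struct.unpack("!HHH", pkt[2:8])
    proto = pkt[9]
    more_fragments = bool(flags_frag & 0x2000)   # MF bit
    offset = (flags_frag & 0x1FFF) * 8           # fragment offset in bytes
    if more_fragments or offset:
        kind = "GRE" if proto == GRE else f"proto {proto}"
        return f"fragment ({kind}, offset {offset}, len {total_len})"
    if proto == ICMP and len(pkt) >= ihl + 8:
        # RFC 1191 layout: type, code, checksum, unused, next-hop MTU
        icmp_type, code, _ck, _unused, mtu = struct.unpack("!BBHHH", pkt[ihl:ihl + 8])
        if icmp_type == 3 and code == 4:
            return f"ICMP fragmentation needed (next-hop MTU {mtu})"
    return None


def scan(packets):
    """Collect the findings for a list of raw IPv4 packets."""
    return [f for f in map(classify, packets) if f]


# Constructed sample capture (headers only, lengths are declared, not real).
SAMPLE = [
    ipv4(GRE, 1400, flags=2),      # DF set and small enough: nothing to report
    ipv4(GRE, 1500, flags=1),      # first fragment of an oversized GRE packet
    ipv4(GRE, 48, frag_off=185),   # trailing fragment at byte offset 1480
    ipv4(ICMP, 56, payload=struct.pack("!BBHHH", 3, 4, 0, 0, 1476)),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

An empty result from `scan` on the server's public interface means no IP-layer fragmentation and no path-MTU complaints were captured, which points the investigation away from MTU.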

  #5  
Newbie
 
Join Date: Oct 2009
Posts: 28
Quote:
Originally Posted by eth00
A larger MTU is good for large files and fast speeds. It sounds like your users are probably on slower connections, so you will be better off with a lower MTU. As far as the optimal, I don't know; you could try a few different ones and see if it helps.

You may also look at sysctl.conf and at changing the buffers.

It may also be something you can do little about: if the users are far away, it may just be a limit of the ISPs in between. Even if it didn't happen after an upgrade, if it's one specific group of users, it might have been a route changed to a less optimal one for your situation.

1. I'm actually not sure it's an MTU issue. I'm just guessing.
2. I have increased the buffers and the window sizes.
3. The ISPs are fine. I am able to download a file from the same server (the one that is used for the VPN) with fast speeds, while via VPN it reaches around 10% of the orig. speed.

  #6  
Newbie
 
Join Date: Oct 2009
Posts: 28
Quote:
Originally Posted by zzhosting
Hi

What's the output from mii-tool or ethtool eth0 (or whichever interface connects to the internet)?

And the two locations, i.e. server and person downloading, where are they?

It may be that the server is connected at GigE but the route in between may be so bad that the max speed is only as good as those poor routes.

Also, has it always been this way? Or just recently, maybe after an upgrade?

Thanks

[root@atlanta ~]# ethtool eth0
Settings for eth0:
Link detected: yes

- The server is in the US and the clients are all over the world.
- The speed is considerably lower than the route speed between clients and server. Windows clients consistently get speeds around 10% of their connection. Linux clients are doing better.

This happened after a reboot. But no upgrades. Before reboot all worked great.

  #7  
Newbie
 
Join Date: Oct 2009
Posts: 28
Quote:
Originally Posted by xnpu
tcpdump will tell you if the MTU is indeed the problem or not. (Look for the F or fragmentation flag.)

Also check with your users that they are using their PC to connect to the VPN, not a WiFi router. Most home/SOHO routers lack the CPU power to do encryption at high speeds.

BTW, why did you turn off compression?

I'm looking at tcpdump captures with Wireshark; there are no F flags (the MTU is lower than 1400-Len(GRE)).

Regarding compression - I was under the impression that it needs a special kernel module or something of that sort. Am I wrong?
