OSX Finder very slow browsing shares via VPN
-
I'm not really familiar enough with OSX to do anything other than speculate. I would suggest that something is talking in the wrong protocol and it has to time out before trying something else. That could be OSX asking for the folder list the wrong way or your samba server sending the list incorrectly.
Steve
-
Thanks for your suggestion, I will look into it!
-
I am having the same problem.
Browsing my FreeBSD samba shares withing my network (192.168.2.0/24) is not a problem for either Windows7 or Mac OS X 10.9.2 Mavericks.When I use OpenVPN (configuration from pfsense router below), Windows7 is not a problem. However on the Mac browsing using Tunnelblick there is a problem with the Finder. It will list the top level but I can not click through to subdirectories on the cifs share.
I am using smbv1 on the Mac and have tried all the options, on the Mac, in /etc/nsmb.conf that have been suggested, with no success. The most common suggestion, which I have stay with to force smb version 1, has been
[default] smb_neg=smb1_onlyIt's interesting that using a terminal, and doing a "find", there is no problem on the Mac. It's something about the Finder.
Here is the current config on pfsense
# cat /var/etc/openvpn/server1.conf dev ovpns1 dev-type tun tun-ipv6 dev-node /dev/tun1 writepid /var/run/openvpn_server1.pid #user nobody #group nobody script-security 3 daemon keepalive 10 60 ping-timer-rem persist-tun persist-key proto udp cipher AES-128-CBC up /usr/local/sbin/ovpn-linkup down /usr/local/sbin/ovpn-linkdown client-connect /usr/local/sbin/openvpn.attributes.sh client-disconnect /usr/local/sbin/openvpn.attributes.sh local 98.253.143.84 tls-server server 192.168.33.0 255.255.255.0 client-config-dir /var/etc/openvpn-csc username-as-common-name auth-user-pass-verify /var/etc/openvpn/server1.php via-env tls-verify /var/etc/openvpn/server1.tls-verify.php lport 1194 management /var/etc/openvpn/server1.sock unix max-clients 5 push "route 192.168.2.0 255.255.255.0" push "dhcp-option DNS 192.168.2.1" ca /var/etc/openvpn/server1.ca cert /var/etc/openvpn/server1.cert key /var/etc/openvpn/server1.key dh /etc/dh-parameters.1024 tls-auth /var/etc/openvpn/server1.tls-auth 0 comp-lzo persist-remote-ip float topology subnet route 192.168.2.0 255.255.255.0 # uname -r 8.3-RELEASE-p11 # cat /etc/version 2.1-RELEASEIf anyone gets' this solved I would appreciate it.
-
I am having the same problem.
Browsing my FreeBSD samba shares withing my network (192.168.2.0/24) is not a problem for either Windows7 or Mac OS X 10.9.2 Mavericks.When I use OpenVPN (configuration from pfsense router below), Windows7 is not a problem. However on the Mac browsing using Tunnelblick there is a problem with the Finder. It will list the top level but I can not click through to subdirectories on the cifs share.
I am using smbv1 on the Mac and have tried all the options, on the Mac, in /etc/nsmb.conf that have been suggested, with no success. The most common suggestion, which I have stay with to force smb version 1, has been
If anyone gets' this solved I would appreciate it.
So browsing while on LAN segment is OK, but as a road warrior (I guess) using OpenVPN you have problems?
What ports do you have open on pfSense? Typically you need to allow udp ports 137 and 138, and tcp ports 139 and 445 to pass.
It's interesting that using a terminal, and doing a "find", there is no problem on the Mac. It's something about the Finder
I'm not too familiar with Macs; is find like the unix find, or is it related to network browsing?
-
So, I am updating my notes on browsing above
When I use OpenVPN, Windows7 is not a problem. However on the Mac browsing using Tunnelblick there is a problem with the Finder. It will list the top level but I can not click through to subdirectories on the cifs share.
I turned up logging on the samba shares, and I see that the Mac Finder is very chatty, opening and closing every file. So, I reasoned, and I now believe, that my OpenVPN configuration is okay. And, the real problem is that the Mac Finder is so chatty, and it doesn't return and display, because it's still busy opening and closing files.
To confirm this, I created a cifs share with a few files and a few folders, and browsed this with my Mac client, through OpenVPN and that was no problem.
And, as I read the Mac forums, regarding Mac 10.9.x, there are a lot of people reporting "Finder is slow", not just on cifs. So, at this point my focus is on finding a way to make the Finder less chatty on cifs, or to find an alternate to Finder. Additionally, I believe I can mount subfolders within the cifs, on the Mac, and perhaps get to them quicker, without having to browse through the parent directories.
Thanks for your response, charliem. If I figure out anything on the Mac to make it less chatty I'll try to remember to post here. For now, pfSense/OpenVPN is perfect. – johnedstone
Followup:
I installed Xfile (http://rixstep.com/4/0/xfile/), a faster application than the Mac Finder. As advertised this was faster, and my cifs/samba shares are now browsable through OpenVPN using Xfile. So, as noted above ,this problem, in my mind, is the slowness of the Mac Finder. This may be a bug in 10.9.2 I'm waiting to see if Apple "fixes" this in the future. -
I don't think this has anything to do with pfSense. I have only started using Macs on my network in the last few months so I can only speak for OSX 10.9.x. I have 3 macs running Mavericks and finder is slow for Samba shares on all of them. I have a few Linux and Windows hosts that are very speedy via Samba though. It seems finder in 10.9.x and possibly earlier versions just doesn't like CIFS/Samba shares.
My solution was to setup netatalk which uses Apple's AFP protocol for file sharing. Finder is just as fast or faster than my non-OSX machines when AFP is available. Your Mac will automatically prefer AFP over Samba if it is available and if you have Avahi running with netatalk then there will be zero configuration necessary (your server will magically appear in Finder). You can also use a lot more Apple features with an AFP share, like time machines and with netatalk integration between spotlight (Mac's file indexer) and tracker (Linux's file indexer) for much faster searching. Though, I can't speak for how well XFile works in comparison as I have never tried it.
You mentioned OpenVPN so I think it is worth mentioning that mDNS/Avahi/Bonjour/ZeroConf (whatever you like calling it) won't work out of the box through an OpenVPN tunnel with pfSense. So you will have to manually connect if it is the case that you are attempting to access your AFP share via OpenVPN. This is what led me to your post. It should be possible to forward mDNS between pfSense LANs and OpenVPN client hosts, but I haven't been able to figure it out yet. There seems to be a lot of talk and simple solutions for forwarding mDNS router-to-router, but not router-to-a single client host, but I digress.
-
Just wanted to chime in and say that we are experiencing the same issues. It's indeed a bit better over AFP and even better when connected to a native OS X file server (probably thanks to HFS+ and compression). As others have said - the Finder is probably the main culprit - you can kind of see it with Wireshark - Finder opening files and folders even when you don't click anything.
So yeah, def. not a pfSense issue, but an issue nonetheless. :)
-
Reviving this topic to report my findings.
I just called Apple Support today to investigate this issue. Our scenario is a Mac Mini running 10.10.2 connecting via OpenVPN to a SMB file share off of FreeNAS. When the AFP protocol is used, it connects immediately. When we move to the SMB protocol….crickets....user auth window, click "Guest"....spinning wheel....crickets....ERROR.
During my discussion with Apple Enterprise level support, they said that this is an active issue that the engineers are currently investigating. While it was confirmed as a known bug, there obviously isn't an ETA for this fix. I told them my frustration was that (based off of the date stamps in this thread) this issue has been ongoing for the almost a year now. He apologized but reiterated that a fix was coming.
In the meantime, I now have to get a NAS appliance with AFP support because of that unknown ETA. I hope this information helps anyone else that may be in the same situation.
-
Thanks for reporting that.
Have you tried to use something other than finder? Like Xfile as reported above?Steve
-
Yeah, no problem. To answer your question: No, I did not. The Mac Mini was the client's machine.
