The curl command is not working correctly

stephenw10 · Aug 14, 2024, 6:36 PM

Are those showing bits or bytes there?

How are you testing across the tunnel? Also with iperf?

G_Costa · Aug 14, 2024, 7:30 PM

@stephenw10 said in The curl command is not working correctly:

How are you testing across the tunnel? Also with iperf?

Reply

It's Bytes

This is on the tunnel and the ips are:
10.0.8.1 -> OpenVPN remote Tunnel
10.0.8.2 -> OpenVPN local Tunnel

stephenw10 · Aug 15, 2024, 5:36 PM

Hmm, how is the tunnel configured? Is it using UDP? There are a lot of retries there, it could be an MTU issue.

Sometime the openvpn interface does not behave as expected when used directly or services like that. Try using an internal IP as source if you can. Though in a bridge it shouldn't really matter.

G_Costa · Aug 15, 2024, 5:36 PM

@stephenw10 Yes UDP, there's all the configurations:

--

stephenw10 · Aug 15, 2024, 8:19 PM

You should set AES-GCM and enable UDP Fast I/O for better performance there.

However that isn't going to get you to the full rate there.

You are seeing ~15ms across the tunnel?

Did you bump the state table size?

G_Costa · Aug 16, 2024, 10:01 PM

@stephenw10

Remote pf:

Local pf:

stephenw10 · Aug 17, 2024, 3:55 PM

Those images are too small to read I think.

G_Costa · Aug 17, 2024, 3:55 PM

@stephenw10 Im trying to send them as image instead of attachment but they are too large, do you mind if i send them with imgur?
https://imgur.com/a/7CqmzkO

stephenw10 · Aug 17, 2024, 7:45 PM

Mmm, OK so no significant difference to throughput. I assume neither side shows any CPU cores at 100%?

I would try setting a lower MSS value and see if that makes any difference. If it does try to fins the actual tunnel MTU with some large pings.
Packet fragmentation across the tunnel can cause significant throttling.

G_Costa · Aug 19, 2024, 1:58 PM

@stephenw10

While downloading:

While uploading:

MSS -> 576 -> OpenVPN interface and bridge

MSS -> 1152

MSS -> 2304

MSS -> 4608

About the MTU i cant change on the interfaces because it says "This interface is a bridge member, its MTU is controlled by its parent bridge interface."

stephenw10 · Aug 19, 2024, 2:17 PM

Hmm, Ok so it looks you are hitting a CPU limit on the upload with a single core at 100%.

Try MSS values at, say, 1400 and 1300. However with bridging in play normal fixes like that can fail since there's no routing....

G_Costa · Aug 19, 2024, 2:48 PM

@stephenw10
MSS 1300 Downloading:

MSS 1300 Uploading:

MSS 1400 Downloading:

MSS 1400 Uploading:

While uploading some cores go to 100% but the speed is good but when downloading the cores dont go to 100% and the speed is low

stephenw10 · Aug 19, 2024, 3:46 PM

Hmm, well I'd try a packet capture on the tunnel and see if the download is being fragmented or there are retransmissions etc.