Menu
▾
▴
Re: [Openvpn-users] Samba performance and ICMP
|
From: Jan J. K. <ja...@ni...> - 2008-11-17 15:36:58
|
Hi Aleix, Aleix Dorca wrote: > Hi again, > > just to update the list on what I've found. > > I've set up another VPN server, but this time using L2TP over IPSEC > (OpenSWAN) using a similar routing like the one with OpenVPN. I've > seen that the problem also happens in that setup. The performance > copying files is horrible and I get the same: > > ICMP (dest unrch) (DF set) from VPNMachine to SambaMachine > > I guess then it has nothing to do with OpenVPN then, maybe Samba. > Searching Google I've seen that if you look for "Samba and VPN" > instead of OpenVPN the performance results are apolling... > > Maybe I'll try how WebDAV over VPN works in comparison. > > this sounds like a routing issue, not a Samba/WebDav issue (nor an OpenVPN issue , for that matter :-) ). The VPN machine is sending an ICMP (dest unreachable) back to the Samba machine because the Samba machine sent a packet to it that the VPN machine does not know how to handle... how is your network set up? are you using NATting at all? are the appropriate routes to and from the VPN machine and Samba machine set up? The very quick&dirty fix (just to see if this makes things work) is to use masquerading on your (Linux) VPN server: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE (substitute the right device for eth0). Try using traceroute to see how packets are flowing to and from the Samba and VPN servers... HTH, JJK > El 17/11/2008, a las 14:45, Brett Serkez escribió: > >> On Mon, Nov 17, 2008 at 8:08 AM, Aleix Dorca <ad...@ud... >> <mailto:ad...@ud...>> wrote: >>> Recently we moved a Windows Server machine sharing folders to a Linux >>> with samba. From that moment users have been complaining that while >>> accessing the new server through openvpn causes no problems at all, >>> working with files and directories is extremely slow. >>> >> >> I'd be very interested in other responses, as I have seen this >> behavior, I've found a partial solution. >> >> I've found that Windows doesn't tune itself well for file sharing. I >> usually make these registry changes on the Windows sever and reboot: >> >> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters] >> "Lmannounce"=dword:00000001 >> "MaxWorkItems"=dword:0000ffff >> "MaxRawWorkItems"=dword:00000200 >> "MaxThreadsPerQueue"=dword:0000ffff >> "InitWorkItems"=dword:00000200 >> "MaxFreeConnections"=dword:00000064 >> "MinFreeConnections"=dword:00000020 >> "MaxMpxCt"=dword:00004000 >> "SizReqBuf"=dword:0000ffff >> >> The above setting better maximize resources available to service SMB >> requests on the Windows Server machine. I'd be interested if others >> have found better settings, I researched these some time back. >> >> On Windows clients, I also disable TCP/IP NetBIOS helper which forces >> use of UDP vs. TCP SMB protocol (at least this is how I understood it >> when I did the initial research) which best aligns its self with the >> recommended OpenVPN UDP protocol. I'm presuming SAMBA has the same >> capability to turn off use of the optional TCP SMB protocol. >> |
