Forum Replies Created
I applied the QOS to the VPN00 interface, not the ETH01 interface.
I did leave things in routed mode.
By the traffic shaping graphs, it appears that the QOS is at least seeing the different classes of traffic I set up, but this didn’t help the ping delay at all.
I had set the icmp in the high priority category, but still am getting 500-1000 ms ping times over the vpn. 😥
I changed my configuration to a routed environment between eth0 (local net interface on both zeroshell firewalls) and vpn00 which talks to the opposite zeroshell firewall. I implemented QOS on routed packets only.
Again, pinging eth1 to eth1 (wan interface to wan interface on the zeroshell firewalls), I get 23 ms. Pinging anything through the vpn yields 900-1000ms!
I appreciate any other ideas.
Would it be better to configure the QOS in a bridged network?
(eth0 and vpn0 bridged)?
I’ll try to put in a network diagram to show the configuration:
Internet-FW–Net A —SK1
Network B is a physical transport for a vpn connection of Net A to Net C.
SK = soekris 5501 fw’s running zsbeta12. A VPN tunnel has been established between the 2 5501’s, with a bridge on each SK1 to the VPN.
Traffic is measured by MRTG on the SK’s bridges and found to average 700kbs.
The routing has been set up so that any internet access on Net C goes to Net A, then out from Net A’s internet access. A download test from a PC on Net C shows a throughput of 2.1mbs. Ping from a pc on Net A to a pc on Net C through the VPN is about 700-1000ms, depending on traffic over the VPN. If there is little traffic on the vpn, this ping test shows about 40ms. A ping from SK1 to SK2 over Net B (therefore not through the vpn tunnel) consistently shows about 20-30 ms (no matter what traffic load over the vpn tunnel) – which is the expected delay through Net B.
I have to reduce the delay cost of the vpn down to 50ms or so.
Hope this info helps.
I am not using compression. I have even turned off encryption.
The ethernet interface specified for the tunnel only allows the traffic for the vpn tunnel and admin interface traffic – nothing else.
I have tested the link the vpn uses – and usually get about 3-4 mbs.
In fact, when I make a change and first bring up the link, the ping times I get are around 40ms – then as traffic over the vpn resumes, the ping times drop to 700-1000 ms.
Other traffic across this link shows the same effect – poor response to interactive traffic – sluggish response.
QOS for icmp won’t help everything else. I need to get the packet delays through the vpn down to the 40-50 ms range.
I also ended up reconfiguring. I was just hoping the restore would work.
I’m still curious what is used to create the binary file that is uuencoded.
tar? gzip?
I would also like a zeroshell compilation with the soekris vpn board drivers!
This would help reduce the packet latency between vpn ends.
The ‘restore’ does not work!
According to the Soekris site, this is caused by a non-standard reaction on the CF card to some reset signal. Soekris claims that a ‘Sandisk’ CF card will not do this. I’m getting one to try and see if that fixes this problem.
I, too, am getting the ERROR 25 message when booting from my other-brand CF card.
I am not using a proxy.
I tried both IE and Firefox without any download accelerators.
The file is properly uuencoded – and I can uudecode the file which indicates that the downloaded file is fine.
The problem occurs when trying to restore the configuration.
I am always getting an error. I’ll have to write down the exact error message.
On the beta11 box, selected the profile, then did a ‘backup’.
The backup copied to the pc connected via the web admin interface.
Connected the pc to the beta12 box via the web admin interface.
On the beta12 box, selected the hda, then tried to do a ‘restore’.
I looked at the backup file and see that it is a uuencoded file. I can uudecode the file, but what kind of binary file do I end up with?
Is this file a tar or gzip of the DB directory structure?