[OpenWireless Tech] openvpn bandwith throttling?

[Christian Huitema]

> Here's a suggestion... in vpn-only case the APs all issue the same BSSID
and have
> the same logical connection in NetworkManager or whatever.
> Just set it to 500 there and 500 in all the compatible APs.  The cost of
running
> too low a mtu is just the ratio of UDP/IP headers to data increases, so
efficiency
> takes a little hit.  But all those problems mentioned above disappear.

The IPv6 minimum MTU is 1280 bytes. Settling on 500 would be somewhat
suboptimal.

But really, John is right. VPN Is not free. We should not assume tunneling
by default, as "tunneling in the middle" results in all kinds of operational
problem. VPN does work OK if the VPN starts from the client. VPN from the AP
is likely to cause serious reliability issues. John experienced that with
Linux, but we had pretty much the same experience in Windows Networking,
with all kinds of weird failure happening when routers decided to restrict
the packet size below what was advertised by the first hop link. We saw the
exact same problems with PPPoE. The host will connect to a web service, and
declare in TCP an MTU of 1500 bytes, as advertised on the local Ethernet
connection. The connection will proceed because HTTP GET is a short packet,
but the web server will try to actually send with the MTU of 1500, the
packet will be dropped by the DSL/PPPoE router, the ICMP will either not be
sent or be dropped by a firewall, and the connection would fail.

It is one of those theory and practice things. In theory, MTU discovery
works and you can use whatever tunneling you want. In practice, not so much.


-- Christian Huitema