MTU issues should affect all files, not just small ones as you say.
BTW, why do you have "reneg-sec 28800"? Is that a SWEET32 mitigation? If so, current server and client software is not vulnerable.
I had password prompts every hour on the old OpenVPN desktop client - that's why I added it. Not sure if it's needed for OpenVPN GUI, which I'm using now. This shouldn't affect performance though.
I'm back on it... The connection is stable but performance is poor when clients connect via WiFi or mobile connection. Now I understand the problem with mobile connection, but the WiFi used for testing is OK -> 10Mbps Downstream / 6Mbps Upstream, very stable, no other clients connected to the WiFi. The server side connection is 60Mbps / 20Mbps.
The issue is that speed drops to a few kb/s when connected via WiFi and copying a folder containing e.g. 200 small files (101MB total), which I find strange. Another example is launching software that relies on data stored on a shared drive - it gets painfully slow as it needs to load data from many smaller files.
Iperf test on that connection:
local 192.168.2.1 port 5001 connected with 10.8.0.6 port 50079
[ 4] 0.0-12.4 sec 8.66 MBytes 5.85 Mbits/sec
All seems to be good for large files - no problems, the speed is what you expect. Transferring smaller files is a completely different story - it just gets very slow.
This is the sample config I'm using:
I have also created a QoS rule for 1194 ports inbound and outbound, but that did not help.
Suggestions to the problem would be very welcome.
I'm trying to set up Sentinel RMS server on our 7.5 server.
I can only execute 64-bit binaries though - start and stop the service. When I try to execute 32-bit binaries I get e.g. ./lslic :
Google search points me to "glibc.i686.rpm" package needed but it's not available under ClearOS. Only the following are:
I found the package on https://centos.pkgs.org/7/centos-x86_64/glibc-2.17-222.el7.i686.rpm.html
But when I run "yum install http://mirror.centos.org/centos/7/os/x86_64/Packages/glibc-2.17-222.el7.i686.rpm" I get:
"yum provides libfreebl3.so" gives "No matches found". Another Google search pointed me to the "nss-softokn-freebl.x86_64" package that supposedly includes the dependency needed, but it's already installed on our server. At this point I don't know what to do...
Many thanks, Nick.
I disabled the 3 custom rules, added "float" to .ovpn files, added "multihome", "push "redirect-gateway def1 bypass-dhcp"" to /etc/openvpn/clients.conf and disabled the UDP 1194 port destination rules - will do some testing now to see how it all works.
We need rock-stable OpenVPN, routing all traffic via our network, for our new project.
Let me very briefly describe the config - 7.5 set as gateway with multi-wan (2 fibre connections).
enp4s0 (backup) - Weight 1
enp5s0 - Weight 100
We also have Destination Port Rule for UDP 1194 to go through enp5s0, and a disabled rule for UDP 1194 to go through enp4s0 (so it's easy to enable when something goes wrong).
push "redirect-gateway def1"
We also added "reneg-sec 28800" to the server side and client side config.
All seems to work nicely... But I have also come across this article:
that advises to add 3 custom firewall rules
iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT # Allow VPN client traffic back in if established
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT # Allow VPN clients out
iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE # nat for VPN
Do we need this (with enp5s0 instead of eth0 for our server) or is it outdated documentation? I have added those rules, but it seems to work correctly with them or without them during my short tests.
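One way to answer the question in the post above is to check what the running ruleset already covers for each WAN interface before adding anything. This is an added example, not code from the original post or from ClearOS; the ruleset is constructed, `parse` and `audit` are hypothetical names, and it only inspects rules placed directly in the built-in chains (no custom-chain jumps, no `-d` matching).

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt (not taken from the poster's server).
SAMPLE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/16 -o enp5s0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i enp5s0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
COMMIT
"""

def parse(save_text):
    """Yield (table, chain, options) for each -A rule in iptables-save output."""
    table = None
    for line in save_text.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith("-A "):
            tok = shlex.split(line)
            if "!" in tok:  # negated matches are not modelled; never count them as coverage
                continue
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
            yield table, tok[1], opts

def audit(save_text, vpn_net, tun, wan):
    """Return the checks that no rule satisfies for one WAN interface."""
    net = ipaddress.ip_network(vpn_net)
    missing = {"nat", "forward_out", "forward_back"}
    for table, chain, o in parse(save_text):
        src = ipaddress.ip_network(o.get("-s", "0.0.0.0/0"), strict=False)
        covers = net.subnet_of(src)  # a wider -s (e.g. /16) still covers the VPN /24
        if (table == "nat" and chain == "POSTROUTING" and covers
                and o.get("-j") in ("MASQUERADE", "SNAT") and o.get("-o", wan) == wan):
            missing.discard("nat")
        if table == "filter" and chain == "FORWARD" and o.get("-j") == "ACCEPT":
            if (o.get("-i", tun) == tun and o.get("-o", wan) == wan
                    and covers and "--state" not in o):
                missing.discard("forward_out")  # VPN clients allowed out
            if o.get("-i", wan) == wan and o.get("-o", tun) == tun:
                missing.discard("forward_back")  # replies allowed back in
    return missing

if __name__ == "__main__":
    for wan in ("enp5s0", "enp4s0"):  # primary and backup WAN from the post
        print(wan, "missing:", sorted(audit(SAMPLE, "10.8.0.0/24", "tun0", wan)) or "nothing")
```

On a live gateway, pass the text from `iptables-save` instead of `SAMPLE`; an interface that reports `nat` missing would not masquerade VPN clients if traffic fails over to it.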
Anyone tried to share a printer on domain members running W10 1803 (1507 domain joined then upgraded to 1803)? The client is visible, but can't be accessed most of the time...
I have managed to sort it out -> the client used static IP config (with WINS), I switched to DHCP and the client can be accessed now.
Anyone tried to share a printer on domain members running W10 1803 (1507 domain joined then upgraded to 1803)? I have one Zebra label printer connected to a client via USB and then shared to others.
I tried many things but couldn't get it to work reliably... 3rd party firewall uninstalled, Windows firewall disabled, and 95 times out of 100 I get the "Could connect to \\client-name" message when it is accessed under Network. SMB1 added via Add/Remove Windows features... I have the "Function Discovery Provider Host" and "Function Discovery Resource Publication" services enabled and set to Automatic (Delayed Start), but that for some reason doesn't solve the issue completely... The client is visible, but can't be accessed most of the time...