Re: OpenVPN 2.1_rc13 released

Felix Kronlage wrote:
> On Thu, Oct 09, 2008 at 02:24:39AM -0600, James Yonan wrote:
> 
> Hi Yonan,
> 
>> Changelog:
>> 2008.10.07 -- Version 2.1_rc13
>> * Bundled OpenSSL 0.9.8i with Windows installer.
>> * Management interface can now listen on a unix
>>    domain socket, for example:
>>
>>      management /tmp/openvpn unix
>>
>>    Also added management-client-user and management-client-group
>>    directives to control which processes are allowed to connect
>>    to the socket.
> 
> what I dont quite understand is, why you add stuff like this to
> the release candidate instead of finally getting 2.1 out of the
> door and then make small subsequent releases. OpenVPN has been
> stuck (imho) for way too long in the RC phase now entering the
> infamous game of not just adding new stuff to RC's but instead
> introducing bugs in the RCs instead of just closing them...

It's a good question that deserves a full answer.

I'll agree with anyone that it's taken longer than expected to get 2.1 
final out the door.  But I would encourage you to take a look at the 
commit log for 2008, and you will see that the changes predominantly 
address fixes.

Re: [patch] enhance compatibility with HTTP/1.1 proxies

Frank Behrens wrote:
> May I propose the following patch to enhance openvpn's compatibility 
> with HTTP/1.1 proxies?
> See
> http://tools.ietf.org/html/rfc2616#section-14.23
> and
> http://tools.ietf.org/html/rfc2817#section-5.2
> 
> --- proxy.c.orig	2008-10-06 09:22:20.000000000 +0200
> +++ proxy.c	2008-10-27 13:30:48.000000000 +0100
>  <at>  <at>  -348,6 +348,12  <at>  <at> 
>    if (!send_line_crlf (sd, buf))
>      goto error;
>  
> +  /* send Host: header */
> +  openvpn_snprintf (buf, sizeof(buf), "Host: %s:%d",
> +		    host, port);
> +  if (!send_line_crlf (sd, buf))
> +    goto error;
> +
>    /* send User-Agent string if provided */
>    if (p->options.user_agent)
>      {

Shouldn't you check p->options.http_version and make sure it's >= 1.1 
before sending the Host header?

James

-------------------------------------------------------------------------

Re: [patch] enhance compatibility with HTTP/1.1 proxies

James Yonan schrieb:
> Frank Behrens wrote:
>> May I propose the following patch to enhance openvpn's compatibility 
>> with HTTP/1.1 proxies?
>> See
>> http://tools.ietf.org/html/rfc2616#section-14.23
>> and
>> http://tools.ietf.org/html/rfc2817#section-5.2
>>
>> --- proxy.c.orig    2008-10-06 09:22:20.000000000 +0200
>> +++ proxy.c    2008-10-27 13:30:48.000000000 +0100
>>  <at>  <at>  -348,6 +348,12  <at>  <at> 
>>    if (!send_line_crlf (sd, buf))
>>      goto error;
>>  
>> +  /* send Host: header */
>> +  openvpn_snprintf (buf, sizeof(buf), "Host: %s:%d",
>> +            host, port);
>> +  if (!send_line_crlf (sd, buf))
>> +    goto error;
>> +
>>    /* send User-Agent string if provided */
>>    if (p->options.user_agent)
>>      {
>
> Shouldn't you check p->options.http_version and make sure it's >= 1.1 
> before sending the Host header?
>
> James

Re: [WINDOWS] Request for test win64

Hello All,

Can anyone check the performance of this [1] win64 openvpn build?

It contains less assembly code, but C optimization may be better on 64bit.

So you may gain some performance... But it needs to be checked.

Alon

[1] http://alon.barlev.googlepages.com/openvpn-win64.tar.bz2

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Re: [WINDOWS] Request for test win64

How does one check performance?  Run throughput tests through the VPN 
connection in a controlled environment?

> -----Original Message-----
> From: Alon Bar-Lev [mailto:alon.barlev <at> gmail.com]
> Sent: Wednesday, 05 November, 2008 15:17
> To: Jason R. Coombs
> Cc: openvpn devel
> Subject: Re: [Openvpn-devel] [WINDOWS] Request for test win64
>
> Hello All,
>
> Can anyone check the performance of this [1] win64 openvpn build?
>
> It contains less assembly code, but C optimization may be better on
> 64bit.
>
> So you may gain some performance... But it needs to be checked.
>
> Alon
>
> [1] http://alon.barlev.googlepages.com/openvpn-win64.tar.bz2

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Building against the FIPS 140-2 validated version of OpenSSL.

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [WINDOWS] Request for test win64

Yes.
I think that there are people here who do this for fun... :)
The question is if there is someone with amd64 machine that can
compare previous tests to tests with this version.

Thanks!

On 11/5/08, Jason R. Coombs <jaraco <at> jaraco.com> wrote:
> How does one check performance?  Run throughput tests through the VPN
>  connection in a controlled environment?
>
>
>  > -----Original Message-----
>  > From: Alon Bar-Lev [mailto:alon.barlev <at> gmail.com]
>
> > Sent: Wednesday, 05 November, 2008 15:17
>  > To: Jason R. Coombs
>  > Cc: openvpn devel
>  > Subject: Re: [Openvpn-devel] [WINDOWS] Request for test win64
>  >
>
> > Hello All,
>  >
>  > Can anyone check the performance of this [1] win64 openvpn build?
>  >
>  > It contains less assembly code, but C optimization may be better on
>  > 64bit.
>  >
>  > So you may gain some performance... But it needs to be checked.
>  >
>  > Alon
>  >
>  > [1] http://alon.barlev.googlepages.com/openvpn-win64.tar.bz2
>
>

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Re: OpenVPN 2.1_rc13 released

On Tue, Nov 04, 2008 at 11:24:51AM -0700, James Yonan wrote:

Hi Yonan,

> It's a good question that deserves a full answer.
[...]

thanks Yonan for taking the time to answer and clarify!
Much appreciated!

felix

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [WINDOWS] Request for test win64

I ran some tests.  I'm new at this, so bear with me.

I set up a new server configuration following the 2.0 HOWTO on openvpn.net.

The server machine is a Windows Vista Ultimate 64-bit on an Intel QX6700 (quad 
core extreme 2.66GHz) and 8GB RAM.  The client is an Ubuntu Hardy 64-bit 
virtual machine running under VMWare Workstation 6.5 (server is the vm host) 
using bridged networking.

On the client, I installed netserver from netperf-2.4.4 and openvpn-2.1rc7 
with network-manager-openvpn.  I configured the client with the certificates 
created when following the HOWTO.

I then performed three test phases, first with the server running 2.1rc13 
(32-bit), then with the server running the 64-bit test build, then again with 
the server running 2.1rc13 (32-bit). In each phase, I ran netperf three times 
from the server, specifying the client VPN address.  Here are the results:

***
*** rc13 32-bit server
***

PS C:\Users\jaraco> netperf -H 10.8.0.6
TCP STREAM TEST to 10.8.0.6
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    10^6bits/sec

   256   8192   8192    10.00       3.24
PS C:\Users\jaraco> netperf -H 10.8.0.6
TCP STREAM TEST to 10.8.0.6
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    10^6bits/sec

   256   8192   8192    10.00       3.20
PS C:\Users\jaraco> netperf -H 10.8.0.6
TCP STREAM TEST to 10.8.0.6
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    10^6bits/sec

   256   8192   8192    10.00       3.16

***
*** 64-bit test compile (server)
***

PS C:\Users\jaraco> netperf -H 10.8.0.6
TCP STREAM TEST to 10.8.0.6
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    10^6bits/sec

   256   8192   8192    10.00       3.48
PS C:\Users\jaraco> netperf -H 10.8.0.6
TCP STREAM TEST to 10.8.0.6
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    10^6bits/sec

   256   8192   8192    10.00       3.47
PS C:\Users\jaraco> netperf -H 10.8.0.6
TCP STREAM TEST to 10.8.0.6
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    10^6bits/sec

   256   8192   8192    10.00       3.39

***
*** Again, repeat 32-bit server:
***

PS C:\Users\jaraco> netperf -H 10.8.0.6
TCP STREAM TEST to 10.8.0.6
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    10^6bits/sec

   256   8192   8192    10.00       3.09
PS C:\Users\jaraco> netperf -H 10.8.0.6
TCP STREAM TEST to 10.8.0.6
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    10^6bits/sec

   256   8192   8192    10.00       3.15
PS C:\Users\jaraco> netperf -H 10.8.0.6
TCP STREAM TEST to 10.8.0.6
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    10^6bits/sec

   256   8192   8192    10.00       3.16

--- end tests ---

It appears as if the 64-bit build does have a 5-10% performance increase over 
the 32-bit build in this environment.

I hope these results are helpful.  Unfortunately, I don't have a testbed where 
I can configure two isolated, clean systems, which would probably result in 
more deterministic results.  Let me know if I can arrange the tests 
differently to highlight a particular aspect of the performance.

Regards,
Jason

> -----Original Message-----
> From: Alon Bar-Lev [mailto:alon.barlev <at> gmail.com]
> Sent: Wednesday, 05 November, 2008 15:53
> To: Jason R. Coombs
> Cc: openvpn devel
> Subject: Re: [Openvpn-devel] [WINDOWS] Request for test win64
>
> Yes.
> I think that there are people here who do this for fun... :)
> The question is if there is someone with amd64 machine that can
> compare previous tests to tests with this version.
>
> Thanks!
>
> On 11/5/08, Jason R. Coombs <jaraco <at> jaraco.com> wrote:
> > How does one check performance?  Run throughput tests through the VPN
> >  connection in a controlled environment?
> >
> >
> >  > -----Original Message-----
> >  > From: Alon Bar-Lev [mailto:alon.barlev <at> gmail.com]
> >
> > > Sent: Wednesday, 05 November, 2008 15:17
> >  > To: Jason R. Coombs
> >  > Cc: openvpn devel
> >  > Subject: Re: [Openvpn-devel] [WINDOWS] Request for test win64
> >  >
> >
> > > Hello All,
> >  >
> >  > Can anyone check the performance of this [1] win64 openvpn build?
> >  >
> >  > It contains less assembly code, but C optimization may be better
> on
> >  > 64bit.
> >  >
> >  > So you may gain some performance... But it needs to be checked.
> >  >
> >  > Alon
> >  >
> >  > [1] http://alon.barlev.googlepages.com/openvpn-win64.tar.bz2
> >
> >

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [WINDOWS] Request for test win64

On 11/8/08, Jason R. Coombs <jaraco <at> jaraco.com> wrote:
<snip>
>
>  It appears as if the 64-bit build does have a 5-10% performance increase over
>  the 32-bit build in this environment.
>
>  I hope these results are helpful.  Unfortunately, I don't have a testbed where
>  I can configure two isolated, clean systems, which would probably result in
>  more deterministic results.  Let me know if I can arrange the tests
>  differently to highlight a particular aspect of the performance.
>
>  Regards,
>
> Jason

Great work!
Maybe someone else can also perform these tests so users will know if
they wish to use 64bit build?

Alon.

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/