현옥 장 | 4 Feb 2008 11:54

Hello (Please Help me)

Hello
Please Help me 

I have a situation like this
Home1 ------- Internet ----+
                           |
Home2 ------- Internet ----+--------- PopTop ---- Office LAN
                           |             |
Home3 ------- Internet ----+             |
                                         |
                           Fedora Core 5  poptop RPM install
                           Only One nic eth0 (Public.ip.add.109) public.gate.way.126
                           The server has no internal network.
pptpd.conf
localip 172.16.0.126
remoteip 172.16.0.1-40,172.16.1.1-40

chap-secrets
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
user1  * 1234   172.16.0.1
user2  *  1234   172.16.0.2
user3  *  1234   172.16.0.3
....
....
o_user1  * 1234   172.16.1.1
o_user2  *  1234   172.16.1.2
o_user3  *  1234   172.16.1.3
....
....

Mark L. Wise | 4 Feb 2008 19:43

Re: Hello (Please Help me)

I don't follow all that you are asking, but I think your chap-secrets
needs to list the poptop server ID in the second column and I usually
allow access from any IP for the connection, so the fourth column should
be "*" (unless you really want to limit access to the poptop server from
each of those stated addresses)....

Also, for your iptables entries, the interface is ppp+ that you need to
allow traffic through....

I hope this helps,

Mark

현옥 장 wrote:
> Hello
> Please Help me 
>
> I have a situation like this
> Home1 ------- Internet ----+
>                            |
> Home2 ------- Internet ----+--------- PopTop ---- Office LAN
>                            |             |
> Home3 ------- Internet ----+             |
>                                          |
>                            Fedora Core 5  poptop RPM install
>                            Only One nic eth0 (Public.ip.add.109) public.gate.way.126
>                            The server has no internal network.
> pptpd.conf
> localip 172.16.0.126
> remoteip 172.16.0.1-40,172.16.1.1-40

Charlie Brady | 4 Feb 2008 20:29

Re: Hello (Please Help me)


On Mon, 4 Feb 2008, 현옥 장 wrote:

> PLEASE HELP ME

What problem do you want help with? You have described your network setup, 
but haven't said what isn't working in the way that you want it to work. 
You also haven't described what you want to achieve.

You might find it useful to read this essay:

http://www.chiark.greenend.org.uk/~sgtatham/bugs.html

---
Charlie

현옥 장 | 5 Feb 2008 05:47

Hello ... proxy ARP error

My poptop  fedora core 5

pptpd.conf
localip 172.16.3.1
remoteip 172.16.0.1-100,172.16.1.1-100

My poptop  eth0  ==> IP alias Public IP xxx.xxx.xxx.2~100

tail -f /var/log/messages...
Cannot determine ethernet address for proxy ARP

pptpd.conf 
localip xxx.xxx.xxx.1
remoteip xxx.xxx.xxx.2~100

tail -f /var/log/messages....

NO error

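An added diagnostic sketch, not part of the original post or of the Poptop project: with the `proxyarp` option, pppd needs a local Ethernet interface whose subnet contains the address handed to the client, and logs "Cannot determine ethernet address for proxy ARP" when none does. The code expands a pptpd.conf `remoteip` value and lists the addresses that no interface covers; the 203.0.113.0/24 network is a constructed stand-in for the redacted public subnet on eth0, and the function names are hypothetical.

```python
import ipaddress


def expand_remoteip(spec):
    """Expand a pptpd.conf remoteip value, e.g. '172.16.0.1-40,172.16.1.5'."""
    addrs = []
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            # 'a.b.c.X-Y' means last octets X..Y inside a.b.c.0/24
            start, end = part.split("-", 1)
            first = int(ipaddress.IPv4Address(start.strip()))
            lo, hi = first & 0xFF, int(end)
            if not lo <= hi <= 255:
                raise ValueError(f"bad range: {part}")
            base = first & 0xFFFFFF00
            addrs.extend(ipaddress.IPv4Address(base | o) for o in range(lo, hi + 1))
        else:
            addrs.append(ipaddress.IPv4Address(part))
    return addrs


def proxy_arp_misses(remoteip_spec, iface_networks):
    """Return remote addresses that no local interface subnet contains.

    For these, pppd's proxy ARP lookup finds no Ethernet interface to
    answer on, which is when the log message above appears.
    """
    nets = [ipaddress.IPv4Network(n, strict=False) for n in iface_networks]
    return [a for a in expand_remoteip(remoteip_spec)
            if not any(a in n for n in nets)]


if __name__ == "__main__":
    # Constructed sample: eth0 carries only public addresses (stand-in subnet).
    eth0 = ["203.0.113.1/24"]
    for spec in ("172.16.0.1-100,172.16.1.1-100", "203.0.113.2-100"):
        missing = proxy_arp_misses(spec, eth0)
        total = len(expand_remoteip(spec))
        print(f"remoteip {spec}: {len(missing)} of {total} addresses have no matching interface")
```
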

Mark L. Wise | 5 Feb 2008 15:24

Performance questions....

Hello all!

I have a client who is asking about speed/performance over a VPN vs. a LAN.

Do any of you have any input regarding this?

I know that this is dependent on connection speeds at the remote and 
local ISP, but, assuming T1 speeds on both ends, and a 1 Gb LAN, what 
kind of speed hit would we expect?  Would the VPN connection be 2-3 
times slower than the LAN?

Any thoughts would be appreciated.

Thanks!

Mark

-- 
Mark L. Wise

Alpha II Service, Inc.
1312 Epworth Ave
Reynoldsburg, Ohio 43068-2116
USA

Office: (614) 868-5033
Fax: (614) 868-1060
Email: mark <at> alpha2.com
WEB: www.alpha2.com


Gene Nazarov | 5 Feb 2008 15:49

Re: Performance questions....

Here's how I understand it:

VPN (or pptpd) connection is basically a serial port over Ethernet.

Long story short, maximum speed is basically this: 115,200 bps (that's
bits). Or roughly 90 KBps. The actual user experience will of course
vary since the transfer rate is highly dependent on 'compressiveness' of
the data coming through. For comparison, LAN is at least 100 Mbps (or 13
MBps give or take), and obviously much higher if you are dealing with 1
Gbps LAN speeds.

If you need faster tunnels, look into alternatives such as OpenVPN which
gives great results overall (or IPSec, though I'm not too familiar with
its speed).

If I'm wrong in my understanding, someone would be sure to correct me of
course ;).

-----Original Message-----
From: poptop-server-bounces <at> lists.sourceforge.net
[mailto:poptop-server-bounces <at> lists.sourceforge.net] On Behalf Of Mark
L. Wise
Sent: Tuesday, February 05, 2008 8:25 AM
To: poptop-server <at> lists.sourceforge.net
Subject: [Poptop-server] Performance questions....

Hello all!

I have a client who is asking about speed/performance over a VPN vs. a
LAN.

James Cameron | 5 Feb 2008 22:44

Re: Performance questions....

On Tue, Feb 05, 2008 at 08:49:25AM -0600, Gene Nazarov wrote:
> VPN (or pptpd) connection is basically a serial port over Ethernet.

It might look like that, especially since the pptpd this project ships
cannot cope with packet re-ordering.  Other implementations are more
able to recover.

> Long story short, maximum speed is basically this: 115,200 bps (that's
> bits). Or roughly 90 KBps.

I disagree.  I've seen maximum speeds of about 85% of the total link
bandwidth. But as soon as packet loss occurs, there is a severe
degradation in performance.

(I'm curious about this 115200 idea.  At one stage we had code in pptpd
that would pass 115200 to pppd, and pppd would use this to set the baud
rate of the pseudo-tty ... but I don't know any kernel that would obey
that rate.  We removed that code.)

> If you need faster tunnels, look into alternatives such as OpenVPN which
> gives great results overall (or IPSec, though I'm not too familiar with
> its speed).

I agree.

Answering the original poster ... I did a performance test of pptpd last
year or the year before, on 100 Mb LAN and two-way satellite, to find
out how many tunnels could be run between two hosts before no further
tunnels could be started.  I didn't note any unusual curvature of the
results as far as link throughput is concerned.

Gene Nazarov | 5 Feb 2008 23:30

Re: Performance questions....


You heard the man! :) Additional comments in-line. 

>It might look like that, especially since the pptpd this project ships
>cannot cope with packet re-ordering.  Other implementations are more
>able to recover.

Whoops, I meant poptop that's sitting on pppd, my slip there. 

> I disagree.  I've seen maximum speeds of about 85% of the total link
> bandwidth. But as soon as packet loss occurs, there is a severe
> degradation in performance.

Won't argue as you're the man in this.

> (I'm curious about this 115200 idea.  At one stage we had code in pptpd
> that would pass 115200 to pppd, and pppd would use this to set the baud
> rate of the pseudo-tty ... but I don't know any kernel that would obey
> that rate.  We removed that code.)

115k is the maximum serial port speed. If pptpd emulates serial port,
logically that would be its max speed (potentially kernel limited). My
WinXP box shows the properties of the connection as 10Mbit, but that
doesn't mean much as it's XP and all, and its 'properties' when it comes
to a lot of things are somewhere between an approximation and a wild
guess.

Well funny you say that, as now I'm getting interested in this whole

James Cameron | 5 Feb 2008 23:59

Re: Performance questions....

On Tue, Feb 05, 2008 at 04:30:53PM -0600, Gene Nazarov wrote:
> Won't argue as you're the man in this.

Don't let that influence evidence though.  I'm quite willing to be
wrong.

> 115k is the maximum serial port speed.

No, it isn't.  Only certain platforms have that as a maximum speed.

> If pptpd emulates serial port, logically that would be its max speed
> (potentially kernel limited).

Ah, but it doesn't emulate a serial port.  There's nothing in the PPTP
RFCs that says "emulate a serial port".  The code uses a pseudo-tty as
the data connection between pptpd and pppd, but there's no reason why we
could not re-implement PPP inside pptpd.  Just a lot of work for little
benefit.

> I'm not sure I would be willing to send you gigabit equipment and all
> :). But if you are interested I may be coaxed into running some numbers
> to see just how fast it would go under normal enterprise conditions.

We are all interested in results, if you have the time to be careful
enough to document what you did and what the results were.  ;-)

I expect a performance test would take me about a day or two to do
properly, using two test systems and a crossover cable.


Gene Nazarov | 6 Feb 2008 00:15

Re: VPN Speed test (WAS: Performance questions....)

Completely un-scientific test numbers:

Test: Copy the file down to the remote computer.

Test File:
Size: 40.7 MB

FTP over VPN
Speed: 350 k/s
Time: 115 seconds

SMB over VPN
Speed: 270 k/s 
Time: 150 seconds

SpeedTest
Speed test from the same computer (which isn't making any sense to me
for some reason as they're either too high or too low depending on how
you read it): http://www.dslreports.com/im/45325144/86282.png

Personal note: I guess I stand corrected as far as speed goes. Keep in
mind that those are all spur of the moment numbers without any control
conditions. This was done on a friend's computer, and I can swear that it
doesn't take as fast when done from mine at home (we're both on
Comcast). 

Conclusion: individual experience *will* vary. At any rate I'll run some
more numbers a tad later.
