
OpenVPN latency spikes when bridged (tap/ethernet)

Posted: Sat Jul 02, 2011 6:55 am
by ImaginaryGuru
Hello all,

I'm currently trying to set up an OpenVPN server to accept connections from remote Windows PC clients to allow bridged access to the internal LAN network resources. My configuration is essentially identical to the MikroTik Wiki config and does work; however, if I make the OpenVPN tunnel a member-port on a bridge (either statically or dynamically) the latency on the tunnel traffic will randomly spike 200-300ms for no apparent reason:

Pinging 192.168.146.239 with 32 bytes of data:
Reply from 192.168.146.239: bytes=32 time=22ms TTL=64
Reply from 192.168.146.239: bytes=32 time=246ms TTL=64
Reply from 192.168.146.239: bytes=32 time=24ms TTL=64
Reply from 192.168.146.239: bytes=32 time=252ms TTL=64
Reply from 192.168.146.239: bytes=32 time=237ms TTL=64
Reply from 192.168.146.239: bytes=32 time=13ms TTL=64
Reply from 192.168.146.239: bytes=32 time=12ms TTL=64
Reply from 192.168.146.239: bytes=32 time=329ms TTL=64
...etc...

A second ping running at the same time to the router's outside IP address confirms the latency spikes are present only in the tunnel itself. If the tunnel interface is not a member of the bridge, then latency values are clean and free of any spikes.

Any ideas? I've tried a variety of tweaks and modifications, but other than its presence in the bridge or not, nothing else seems to have an effect on the issue.

/interface bridge
add name=LAN-Bridge
/interface bridge port
add bridge=LAN-Bridge interface=ether3
add bridge=LAN-Bridge interface=ovpn-in1
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/ip address
add address=192.168.145.1/16 comment="Cust LAN" disabled=no interface=LAN-Bridge
/ip pool
add name=ovpn-pool ranges=192.168.146.240-192.168.146.250
/ip firewall nat
add action=src-nat chain=srcnat disabled=no src-address=192.168.0.0/16
/interface ovpn-server
add disabled=no name=ovpn-in1 user=ppp1
/interface ovpn-server server
set auth=sha1 certificate=cert1 cipher=aes128,aes192,aes256 default-profile=ovpn enabled=yes keepalive-timeout=60 max-mtu=1500 mode=ethernet netmask=16 port=1194 require-client-certificate=no
/ppp profile
add bridge=LAN-Bridge change-tcp-mss=default name=ovpn only-one=default remote-address=ovpn-pool local-address=192.168.146.239 use-compression=default use-encryption=required use-ipv6=yes \
    use-mpls=no use-vj-compression=default
/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=ppp1 password=ppp1 profile=ovpn routes="" service=ovpn

Re: OpenVPN latency spikes when bridged (tap/ethernet)

Posted: Fri Jan 30, 2015 12:05 am
by CateFul
Same here. tun is normal. Only tap/ethernet is showing latency spikes.