Poor Performance with Poptop (pptpd)

Hello,

I'm running Poptop (hereafter pptpd) on my Red Hat 9 box to serve out
PPTP VPN connections to multiple Win2000/XP clients. The purpose is so
that I can run hlds (Half-Life Dedicated Server) as a LAN server, and
allow others in my dorm to connect to it (we all have public IPs, so
the VPN is required). The entire setup works correctly now; however, I
am experiencing very poor performance for the VPN clients (ping > 1000
ms in Half-Life in some cases). I thought this might be due to the
PPTP encryption, so I disabled it (this is client-side configuration
in Windows), but the performance is still poor. We are on a 10 Mbps
LAN, and my box is a P-III 600, 384 MB RAM, and the external ethernet
card is a 3Com 10/100. The box is not overloaded, nor are there just
too many VPN connections; I've tested it with a single connection, and
had high pings. I'd like to stick with using pptpd, because the
client-side configuration is very easy. Is the pptpd daemon just not
able to handle this, or are there other tweaks I can try? Any
suggestions will be appreciated.

Thanks,

Gabe

"Gabriel Michael" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) m...
> Hello,

Hello,

I ran your message through Babelfish (Portuguese to English) in an effort to
understand it, and it came up with this:

===========
I'm running Poptop (to hereafter pptpd) on my Red Hat 9 box you serves out PPTP
VPN connections you multiple Win2000/XP clients. The purpose is so that I can
run hlds (Half-Life Dedicated Server) a LAN server, and allow others in my dorm
you connect you it (we all have public IPs, so the VPN is required). The entire
setup works correctly now; to however, I am experiencing very poor performance
will be the VPN clients (ping > 1000 ms in Half-Life in adds marries). I
thought this might be due you the PPTP encryption, so I disabled it (this is
client-side configuration in Windows), but the poor performance is still. We
ploughs on the 10 Mbps LAN, and my box is P-iii 600, 384 MB RAM, and the
eXternal ethernet card is 3Com 10/100. The box is not overloaded, nor ploughs
there just too many VPN connections; I've tested it with single connection, and
had high pings. I'd like you stick with using pptpd, because the client-side
configuration is very easy. Is the pptpd daemon just not able you handle this,
or ploughs there to other tweaks I can try? Any suggestions will be
appreciated.
===========

Hmm, it seems it was in English after all, except for the ploughs. I'm none the
wiser I'm afraid (and neither are you, sorry).

--
Paul

"Paul Catley" <(E-Mail Removed)> wrote in message
news:bknvvd$401d7$(E-Mail Removed)...
> "Gabriel Michael" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) m...
> > Hello,
>
> Hello,
>
> I ran your message through Babelfish (Portuguese to English) in an effort
to
> understand it, and it came up with this:
>
> ===========
> I'm running Poptop (to hereafter pptpd) on my Red Hat 9 box you serves out
PPTP
> VPN connections you multiple Win2000/XP clients. The purpose is so that I
can
> run hlds (Half-Life Dedicated Server) a LAN server, and allow others in my
dorm
> you connect you it (we all have public IPs, so the VPN is required). The
entire
> setup works correctly now; to however, I am experiencing very poor
performance
> will be the VPN clients (ping > 1000 ms in Half-Life in adds marries). I
> thought this might be due you the PPTP encryption, so I disabled it (this
is
> client-side configuration in Windows), but the poor performance is still.
We
> ploughs on the 10 Mbps LAN, and my box is P-iii 600, 384 MB RAM, and the
> eXternal ethernet card is 3Com 10/100. The box is not overloaded, nor
ploughs
> there just too many VPN connections; I've tested it with single
connection, and
> had high pings. I'd like you stick with using pptpd, because the
client-side
> configuration is very easy. Is the pptpd daemon just not able you handle
this,
> or ploughs there to other tweaks I can try? Any suggestions will be
> appreciated.
> ===========
>
> Hmm, it seems it was in English after all, except for the ploughs. I'm
none the
> wiser I'm afraid (and neither are you, sorry).
>
>

*cough...JACKASS...cough*

Gabriel Michael <(E-Mail Removed)> wrote:

[PPTP on RH9 for Windows Clients]
> and
> allow others in my dorm to connect to it (we all have public IPs,
> so the VPN is required).

Whether you need a VPN or not has nothing to do with
the public IPs. It depends on the networking capabilities
of the game and your network structure. If all the IPs are
located in the same LAN network you won't need a VPN.

Check the IP addresses and netmasks, the IP addresses
should be from the same network range and the netmasks
should be equal. Of course you could also check with
tracert/traceroute. If you are on the same network, only
the final destination answers, otherwise you get an answer
from each intermediate router in addition.


> The entire setup works correctly now; however, I
> am experiencing very poor performance for the VPN clients (ping > 1000
> ms in Half-Life in some cases).

Do you experience also packet loss, ie. got all pings an
answer back or not)? Use the ping command for this.

If you have a packet filter running (on either end) disable
it for a short test.

Issue ifconfig command, do you see suspicously high error
counters in the output?

What response times do you get when you ping the _public_ IP
addresses, or how is the performance w/o pptp of the network?

Fire up ethereal on both sides of the VPN and have them
listen on the ethernet and the pptp interface simultaneously.
This should enable you to detect where the most time is wasted.
You should also get an idea how much traffic hits your box.


> [...] We are on a 10 Mbps
> LAN,

See above. If you all connected to the _same_ LAN network
without any intermediate router, you don't need a VPN.


> I'd like to stick with using pptpd, because the
> client-side configuration is very easy.

CIPE and OpenVPN would be an alternative if your problem
is indeed caused by Poptop. They are esaier to setup than
IPSec stuff, also. ;-)


Ciao, Horst
--
»When pings go wrong (It hurts me too)« E.Clapton/E.James/P.Tscharn

In article <8mPbb.2983$(E-Mail Removed)>, Doktersteve\
<(E-Mail Removed)> wrote:
>
> *cough...JACKASS...cough*
>

Nope, that was just plain funny.

Reposting the entire message just to add your three word analysis,
however, seems to me to be a lot closer to Jackass level than the
original reply.

Maybe you're just missing the olden days of posting with your
friends....

___
Neil
AKA HighVis
"Looooooooooooooozzzzzzaaaaaaaaaasssssssssss
Bye, and Plonk, Plonk, Plonk...."
- the amazing Chris Jacobs, fleetingly of AGHL

"Paul Catley" <(E-Mail Removed)> wrote in message news:<bknvvd$401d7$(E-Mail Removed)>...
> "Gabriel Michael" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) m...
> > Hello,
>
> Hello,
>
> I ran your message through Babelfish (Portuguese to English) in an effort to
> understand it, and it came up with this:

Didn't your mother ever tell you, "If you don't have anything nice to
say, don't say anything at all?" If you need clarification, ask for
it; otherwise, don't waste my time. Newsgroups are based around
individuals posting helpful replies, not insults.

Gabe

(E-Mail Removed) (Gabriel Michael) wrote in message news:<(E-Mail Removed) om>...
> Hello,
>
> I'm running Poptop (hereafter pptpd) on my Red Hat 9 box to serve out
> PPTP VPN connections to multiple Win2000/XP clients. The purpose is so
> that I can run hlds (Half-Life Dedicated Server) as a LAN server, and
> allow others in my dorm to connect to it (we all have public IPs, so
> the VPN is required). The entire setup works correctly now; however, I
> am experiencing very poor performance for the VPN clients (ping > 1000
> ms in Half-Life in some cases). I thought this might be due to the
> PPTP encryption, so I disabled it (this is client-side configuration
> in Windows), but the performance is still poor. We are on a 10 Mbps
> LAN, and my box is a P-III 600, 384 MB RAM, and the external ethernet
> card is a 3Com 10/100. The box is not overloaded, nor are there just
> too many VPN connections; I've tested it with a single connection, and
> had high pings. I'd like to stick with using pptpd, because the
> client-side configuration is very easy. Is the pptpd daemon just not
> able to handle this, or are there other tweaks I can try? Any
> suggestions will be appreciated.
>
> Thanks,
>
> Gabe

So, I have taken it upon myself to further explain my predicament, in
order to not provide ammunition for those who feel the need to browse
newgroups and post useless, time-wasting replies from machines with
poor firewalls.

My box has two physical ethernet cards, eth0 and eth1. eth0 is the
external card, with a public IP. eth1 is the internal card, with a
private IP of 172.16.0.1. When one does `hlds [options] +sv_lan 1
-nomaster`, hlds binds to this private IP. In order to allow other
players to join the LAN game, I have installed pptpd to serve out PPTP
VPN connections (using the GRE protocol, this is a Microsoft thing).
The reason I chose pptpd is because the client connections are very
easy to set up. When someone establishes a VPN to my public IP,
ifconfig shows it as a PPP connection, with client IPs ranging from
192.168.1.2-254 (the server is always 192.168.1.1). With proper
forwarding in iptables, these clients simply go to their Half-Life
console, type `connect 172.16.0.1`, and are able to connect to the
game; however, they have very high pings, bad enough to discourage
them from playing. Of course, when I join locally from 172.16.0.175 to
172.16.0.1, my pings range from 6 - 15 ms.

Is the poor performance due to pptpd? Are there tweaks or
configuration to pptpd or the system in general (or for those in
alt.games.half-life, hlds) that will improve the performace?

Thanks,

Gabe

In article <(E-Mail Removed) >,
(E-Mail Removed) says...
> Newsgroups are based around
> individuals posting helpful replies, not insults.
>
>Gasp< ! (Usenet rocked to it's very core, etc).

I thought Paul's post more of a self deprecating riff on his lack of
knowledge of things techy, to be honest.

"Gabriel Michael" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
>
> Newsgroups are based around
> individuals posting helpful replies, not insults.

Uh-oh.
I'm in the wrong room.

--
Thad
"You are so clueless that if you dressed in a clue skin, doused yourself
in clue musk, and did the clue dance in the middle of a field of horny
clues at the height of clue mating season, you still would not have a
clue." -Guy Macon

In article <(E-Mail Removed) >, Gabriel
Michael <(E-Mail Removed)> wrote:

> Newsgroups are based around
> individuals posting helpful replies, not insults.

You're not from round these parts, are you? Still, the auto sig-catcher
needed the workout....

:::auto sig-catcher on:::

Ker-chingggg!!!

:::auto sig-catcher off:::

Cheers

___
Neil
AKA HighVis
"Newsgroups are based around individuals posting helpful replies, not
insults" - Gabriel Michael