Wednesday, November 7, 2012

OpenVPN over IP Tunnel

To let our office access the private network of our servers in the IDC, I set up an OpenVPN server on 1.1.1.1, which is a server in the IDC, and an OpenVPN client on 2.2.2.2, which is a server in the DMZ of our office network, like this:
IDC private network--OpenVPN server(1.1.1.1)--OpenVPN client(2.2.2.2)--Office private network
But the OpenVPN connection auto-restarted very often:
Tue Nov 6 10:47:49 2012 Preserving previous TUN/TAP instance: tun1
Tue Nov 6 10:47:49 2012 Initialization Sequence Completed
Tue Nov 6 10:50:27 2012 [server] Inactivity timeout (--ping-restart), restarting
Tue Nov 6 10:50:27 2012 TCP/UDP: Closing socket
Tue Nov 6 10:50:27 2012 SIGUSR1[soft,ping-restart] received, process restarting
Tue Nov 6 10:50:27 2012 Restart pause, 2 second(s)
The connection speed never exceeded 5 Mbps (our office's bandwidth is 100 Mbps).

The connection always stalled during the first MB of a file transfer.

I googled for a long time and tried every possible fix for this problem: changed the MTU size, upgraded the OpenVPN software, modified the configuration of the core switch. No use at all. I suspected that it was the internet connection of our office that caused the problem.

Today, an idea jumped out: why not find a way to bypass the possible internet connection problem!

How about OpenVPN over IP tunnel?

First, I established an IP tunnel between the OpenVPN server and client:

On the server side:
/sbin/ip tunnel add tunnel0 mode ipip remote 2.2.2.2 local 1.1.1.1
/sbin/ip link set tunnel0 up
/sbin/ifconfig tunnel0 192.168.0.1 netmask 255.255.255.0
On the client side:
/sbin/ip tunnel add tunnel0 mode ipip remote 1.1.1.1 local 2.2.2.2
/sbin/ip link set tunnel0 up
/sbin/ifconfig tunnel0 192.168.0.2 netmask 255.255.255.0
Then I changed 'remote 1.1.1.1' to 'remote 192.168.0.1' in client.conf and started the OpenVPN client.

Bingo! The connection is extremely stable; it never stalls. The transfer speed can easily be close to 100 Mbps.
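
To compare stability before and after a change like this, the session lifetimes can be pulled out of the client log. The script below is an added example, not part of the original post: the function names are hypothetical, the first session in the sample log is the one quoted above, and the second session is constructed to exercise the midnight wrap.

```shell
#!/bin/sh
# Added example: measure how long each OpenVPN session stayed up before a
# --ping-restart, using log lines in the format shown in the post.
# Assumption: every session is shorter than 24 hours, because only the
# time-of-day field is compared.

# session_lifetimes: read an OpenVPN log on stdin and print one line per
# ping-restart with the number of seconds the session had been up.
session_lifetimes() {
    awk '
        # Convert HH:MM:SS (field 4 of the log prefix) to seconds since midnight.
        function secs(t,   p) { split(t, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }

        /Initialization Sequence Completed/ { up = secs($4); have_up = 1; next }

        /Inactivity timeout \(--ping-restart\)/ {
            if (!have_up) next            # restart with no completed handshake before it
            d = secs($4) - up
            if (d < 0) d += 86400         # session crossed midnight
            printf "%s %s %s up_seconds=%d\n", $2, $3, $4, d
            have_up = 0
        }
    '
}

# Constructed sample input: the first session comes from the post, the
# second is made up for the example.
sample_log() {
    cat <<'EOF'
Tue Nov 6 10:47:49 2012 Preserving previous TUN/TAP instance: tun1
Tue Nov 6 10:47:49 2012 Initialization Sequence Completed
Tue Nov 6 10:50:27 2012 [server] Inactivity timeout (--ping-restart), restarting
Tue Nov 6 10:50:27 2012 TCP/UDP: Closing socket
Tue Nov 6 10:50:27 2012 SIGUSR1[soft,ping-restart] received, process restarting
Tue Nov 6 23:59:30 2012 Initialization Sequence Completed
Wed Nov 7 00:01:00 2012 [server] Inactivity timeout (--ping-restart), restarting
EOF
}

sample_log | session_lifetimes
```

Feeding the real client log to `session_lifetimes` on stdin gives one line per restart; no output means no ping-restarts were logged.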
