[ previous ] [ next ] [ threads ]
 
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] net4501 webgui slowness tests and results
 Date:  Wed, 20 Jun 2007 19:00:54 -0400
On 6/20/07, Albert Lash <albert dot lash at gmail dot com> wrote:
>
> I think that the slowness has something to do with the fact that I have a
> VPN setup through a filtered bridge. This will cause a shell to drop when I
> run commands like dmesg, ifconfig, or ps -A. This likely causes fragmented
> packets, which I guess are harder for the firewall to manage.

No. Unless you're pushing enough traffic over that VPN to use a
substantial amount of CPU, it's entirely unrelated to how fast the GUI
is.

Long commands dropping with VPN are the result of MTU issues. You
don't mention any details about your VPN that I see, so I can't even
begin to guess where it might be an issue. What happens is a near-1500
byte packet is generated, with the IPsec encapsulation it becomes over
1500 bytes and cannot be sent, and PMTUD should kick in at that point
and your client should try again with smaller packets. There are lots
of areas where this can and does fail, and some other VPN's that work
differently from what I just described.

-Chris