Hi all, I''ve recently moved my old phisical machines into a Xen 3.3 PV environment. Everything has gone smoothly and fine... but I''ve found some problems when deplyoing the VPN servers. The thing went like this: I installed, either OpenVPN or L2TP over IPSEC, in a PV Debian machine over Xen 3.3. The services seemed to run fine under low traffic (SSH, RDP...) but when packets became bigger (HTTP or SMB) I started to get lots of ICMP Dest Unreachable packets from the VPN PV machine to the servers with the services mentioned and the performace descended to impractical levels. After some discussion on the OpenVPN mailing list that had no effects (like trying to deal with MTU and such) I installed a new Debian on Xen, but this time using HVM (full virtualization). In this machine all works fine, no ICMP packets. Seeing this I tried once againg to boot the HVM machine using the Dom0 kernel in PV and problems appeared again. I know it''s kind of weird but maybe someone has an OpenVPN running in a PV environment and modified something i didn''t. Any help would be appreciated! Thanks, Aleix Dorca. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
> Hi all, > > I''ve recently moved my old phisical machines into a Xen 3.3 PV > environment. Everything has gone smoothly and fine... but I''ve found > some problems when deplyoing the VPN servers. > > The thing went like this: > > I installed, either OpenVPN or L2TP over IPSEC, in a PV Debian machine > over Xen 3.3. The services seemed to run fine under low traffic (SSH, > RDP...) but when packets became bigger (HTTP or SMB) I started to get > lots of ICMP Dest Unreachable packets from the VPN PV machine to the > servers with the services mentioned and the performace descended to > impractical levels. > > After some discussion on the OpenVPN mailing list that had no effects > (like trying to deal with MTU and such) I installed a new Debian on > Xen, but this time using HVM (full virtualization). In this machine > all works fine, no ICMP packets. > > Seeing this I tried once againg to boot the HVM machine using the Dom0 > kernel in PV and problems appeared again. > > I know it''s kind of weird but maybe someone has an OpenVPN running in > a PV environment and modified something i didn''t. Any help would be > appreciated! >I have seen something vaguely similar that I fixed by turning off checksum offload. I was seeing it on random network interfaces though, not the OpenVPN tunX interface. Otherwise OpenVPN seems to work just fine in Dom0 and in DomU. James _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users