This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


RE: [Xen-users] OpenVPN and Xen PV

To: "Aleix Dorca" <adorca@xxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] OpenVPN and Xen PV
From: "James Harper" <james.harper@xxxxxxxxxxxxxxxx>
Date: Wed, 19 Nov 2008 19:42:34 +1100
Delivery-date: Wed, 19 Nov 2008 00:43:13 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CDF457E0-BEC2-4B65-BFA4-3313859F3440@xxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <CDF457E0-BEC2-4B65-BFA4-3313859F3440@xxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AclKFzV7dXDYv/fYSjytv195LcFnxgAC04eA
Thread-topic: [Xen-users] OpenVPN and Xen PV
> Hi all,
> I've recently moved my old phisical machines into a Xen 3.3 PV
> environment. Everything has gone smoothly and fine... but I've found
> some problems when deplyoing the VPN servers.
> The thing went like this:
> I installed, either OpenVPN or L2TP over IPSEC, in a PV Debian machine
> over Xen 3.3. The services seemed to run fine under low traffic (SSH,
> RDP...) but when packets became bigger (HTTP or SMB) I started to get
> lots of ICMP Dest Unreachable packets from the VPN PV machine to the
> servers with the services mentioned and the performace descended to
> impractical levels.
> After some discussion on the OpenVPN mailing list that had no effects
> (like trying to deal with MTU and such) I installed a new Debian on
> Xen, but this time using HVM (full virtualization). In this machine
> all works fine, no ICMP packets.
> Seeing this I tried once againg to boot the HVM machine using the Dom0
> kernel in PV and problems appeared again.
> I know it's kind of weird but maybe someone has an OpenVPN running in
> a PV environment and modified something i didn't. Any help would be
> appreciated!

I have seen something vaguely similar that I fixed by turning off
checksum offload. I was seeing it on random network interfaces though,
not the OpenVPN tunX interface.

Otherwise OpenVPN seems to work just fine in Dom0 and in DomU.


Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>