New Member
Posts: 13
Registered: ‎09-16-2013
Kudos: 4

Very poor PPTP client throughput on ERL

[ Edited ]

I'm experiencing poor bandwidth over PPTP client connection to remote PPTP server. The ERL is connected to my ISP via ethernet over 200Mbit fiber and I have a windows 7 box connected locally to the ERL. If I connect to the PPTP server via the Windows box, I get >400% higher throughput compared to connecting the ERL to the server and routing traffic over the tunnel. The ERL cpu doesn't appear to be a limiting factor (~15% usage during throughput test).

I'm testing the throughput from with Windows box using speedtest.net on a server very close to the PPTP server. Bandwidth (down/up)

  • Win7 PPTP: 34/18 Mbit
  • ERL PPTP: 6/2 Mbit

The network setup is pretty standard:

            public IP
+------------------------------+
|             eth2             |
|    eth0             eth1     |
+------------------------------+
192.168.1.1/24    192.168.3.1/24
       |
       |
 192.168.1.102
+-------------+
|Windows 7 box|
+-------------+

I have a static default route over interface pptpc0 setup as table 1 and when the using the ERL as the PPTP client, I route the windows box traffic over the tunnel using "ip rule add from 192.168.1.102 table 1".

Looking at /var/log/messages, I get a lot of "buffering package X (expecting Y, lost or reordered)". e.g.:

Sep 18 12:11:37 router pptp[7106]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 3147 (expecting 3146, lost or reordered)
Sep 18 12:11:38 router pptp[7106]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 3162 (expecting 3161, lost or reordered)
Sep 18 12:11:38 router pptp[7106]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 3165 (expecting 3164, lost or reordered)
Sep 18 12:11:39 router pptp[7106]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 3172 (expecting 3166, lost or reordered)
Sep 18 12:11:39 router pptp[7106]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 3178 (expecting 3173, lost or reordered)
Sep 18 12:11:40 router pptp[7106]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 3199 (expecting 3194, lost or reordered)
Sep 18 12:11:41 router pptp[7106]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 3210 (expecting 3204, lost or reordered)
Sep 18 12:11:42 router pptp[7106]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 3226 (expecting 3225, lost or reordered)
Sep 18 12:11:54 router pptp[7106]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 3305 (expecting 3301, lost or reordered)
Sep 18 12:11:58 router pptp[7106]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 3312 (expecting 3306, lost or reordered)
Sep 18 12:12:01 router pptp[7106]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 3315 (expecting 3314, lost or reordered)
Sep 18 12:12:04 router pptp[7106]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 3351 (expecting 3337, lost or reordered)
Sep 18 12:12:04 router pptp[7106]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 3356 (expecting 3355, lost or reordered)
Sep 18 12:12:05 router pptp[7106]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 3358 (expecting 3357, lost or reordered)
Sep 18 12:12:05 router pptp[7106]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 3359 (expecting 3357, lost or reordered)

I've tried changing the MTU down and up without any significant change in the results. The Windows box PPTP MTU is 1400.

Any advice would be greatly appreciated. My configuration is below (XXX inserted in sensitive fields).

 firewall {
     all-ping enable
     broadcast-ping disable
     conntrack-expect-table-size 4096
     conntrack-hash-size 4096
     conntrack-table-size 32768
     conntrack-tcp-loose enable
     ipv6-receive-redirects disable
     ipv6-src-route disable
     ip-src-route disable
     log-martians enable
     name WAN_TO_LAN {
         default-action drop
         description "From Internet to LAN"
         enable-default-log
         rule 1 {
             action accept
             description "allow established sessions"
             log disable
             protocol all
             state {
                 established enable
                 invalid disable
                 new disable
                 related enable
             }
         }
         rule 2 {
             action drop
             description "drop invalid state"
             log disable
             protocol all
         }
     }
     name WAN_TO_ROUTER {
         default-action drop
         description "From Internet to router"
         enable-default-log
         rule 1 {
             action accept
             description "SSH to router"
             destination {
                 port 888
             }
             log disable
             protocol tcp
         }
         rule 2 {
             action accept
             description "OpenVPN to router"
             destination {
                 port 1194
             }
             log disable
             protocol tcp_udp
         }
         rule 3 {
             action accept
             description "HTTPS to router"
             destination {
                 port https
             }
             log disable
             protocol tcp
         }
         rule 4 {
             action accept
             description "allow established sessions"
             log disable
             protocol all
             state {
                 established enable
                 invalid disable
                 new disable
                 related enable
             }
         }
         rule 5 {
             action drop
             description "drop invalid state"
             log enable
             protocol all
         }
     }
     receive-redirects disable
     send-redirects enable
     source-validation disable
     syn-cookies enable
 }
 interfaces {
     ethernet eth0 {
         address 192.168.1.1/24
         description int-wired
         duplex auto
         speed auto
     }
     ethernet eth1 {
         address 192.168.3.1/24
         description int-wireless
         duplex auto
         speed auto
     }
     ethernet eth2 {
         address dhcp
         description internet
         duplex auto
         firewall {
             in {
                 name WAN_TO_LAN
             }
             local {
                 name WAN_TO_ROUTER
             }
         }
         speed auto
     }
     loopback lo {
     }
     openvpn vtun0 {
         encryption aes128
         mode server
         openvpn-option "--verb 4"
         protocol udp
         server {
             client XXX {
                 ip 10.8.0.2
                 subnet 192.168.100.0/24
             }
             push-route 192.168.1.0/24
             subnet 10.8.0.0/24
         }
         tls {
             ca-cert-file /config/auth/ca.crt
             cert-file /config/auth/XXX.crt
             dh-file /config/auth/dh2048.pem
             key-file /config/auth/XXX.key
         }
     }
     pptp-client pptpc0 {
         default-route auto
         mtu 1400
         name-server auto
         password XXX
         require-mppe
         server-ip XXX
         user-id XXX
     }
 }
 protocols {
     static {
         interface-route 192.168.100.0/24 {
             next-hop-interface vtun0 {
             }
         }
         table 1 {
             interface-route 0.0.0.0/0 {
                 next-hop-interface pptpc0 {
                 }
             }
         }
     }
 }
 service {
     dhcp-server {
         disabled false
         global-parameters "on commit { set ClientName = pick-first-value(option fqdn.hostname, option host-name); set ClientIp = binary-to-ascii(10, 8, ".", leased-address); set ClientMac = binary-to-ascii(16, 8, ":", substring(hardware, 1, 6)); execute("/config/scripts/on-dhcp-event.sh", "commit", ClientName, ClientIp, ClientMac); }"
         global-parameters "on release { set ClientName = pick-first-value(option fqdn.hostname, option host-name); set ClientIp = binary-to-ascii(10, 8, ".", leased-address); set ClientMac = binary-to-ascii(16, 8, ":", substring(hardware, 1, 6)); execute("/config/scripts/on-dhcp-event.sh", "release", ClientName, ClientIp, ClientMac); }"
         shared-network-name dhcp {
             authoritative disable
             subnet 192.168.1.0/24 {
                 default-router 192.168.1.1
                 dns-server 192.168.1.1
                 lease 86400
                 start 192.168.1.100 {
                     stop 192.168.1.200
                 }
             }
         }
     }
     dns {
         dynamic {
             interface eth2 {
                 service namecheap {
                     host-name XXX
                     login XXX
                     password XXX
                 }
             }
         }
         forwarding {
             cache-size 1000
             listen-on eth0
             listen-on eth1
         }
     }
     gui {
         https-port 443
     }
     nat {
         rule 5000 {
             description "internal NAT"
             log disable
             outbound-interface eth2
             protocol all
             source {
                 address 192.168.1.0/16
             }
             type masquerade
         }
         rule 5001 {
             description "PPTP VPN NAT"
             log disable
             outbound-interface pptpc0
             protocol all
             source {
                 address 192.168.1.0/16
             }
             type masquerade
         }
     }
     ssh {
         port 888
         protocol-version v2
     }
 }
 system {
     host-name home-router
     login {
         user XXX {
             authentication {
                 encrypted-password XXX
                 plaintext-password ""
             }
             level admin
         }
     }
     name-server 8.8.8.8
     name-server 8.8.4.4
     ntp {
         server 0.ubnt.pool.ntp.org {
         }
         server 1.ubnt.pool.ntp.org {
         }
         server 2.ubnt.pool.ntp.org {
         }
         server 3.ubnt.pool.ntp.org {
         }
     }
     package {
         repository debian {
             components main
             distribution squeeze
             password ""
             url http://ftp.us.debian.org/debian
             username ""
         }
     }
     syslog {
         global {
             facility all {
                 level notice
             }
             facility protocols {
                 level debug
             }
         }
     }
     time-zone Asia/Hong_Kong
 }

 

 

Ubiquiti Employee
Posts: 2,991
Registered: ‎02-04-2013
Kudos: 354
Solutions: 289

Re: Very poor PPTP client throughput on ERL

Did you try mtu 1200 or lower number?

New Member
Posts: 13
Registered: ‎09-16-2013
Kudos: 4

Re: Very poor PPTP client throughput on ERL

Hi Arthur, Yes, I tried all the way down to around 700 with no discernible improvement. I'm about 170 ms (stable) ping away from the server in case it's relevant. I've read that PPTP can have packet ordering issues over high latency networks although I'm not sure what constitutes high and it seems the windows client doesn't have any issue. Thanks
Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5479
Solutions: 1656
Contributions: 2

Re: Very poor PPTP client throughput on ERL

One thing you can try is set the regular (non-PPTP) MTU on the Windows box while doing PPTP on the ER Lite. Maybe try a few different values, e.g., 1400 and lower, and see if that makes any difference.

New Member
Posts: 13
Registered: ‎09-16-2013
Kudos: 4

Re: Very poor PPTP client throughput on ERL

Thanks for the suggestion, but no meaningingful change.

I moved the MTU on the windows box interface down in 100 steps from 1500 to 1000. The PPTP interface MTU on the ERL was 1396. I also tried moving the PPTP interface MTU around while I moved the windows MTU, but no significant change. The speed test was showing downstream speeds of 4-7Mbit over the various permutations. Connecting via PPTP on the windows box (i.e. windows PPTP -> windows iface -> ERL -> internet) gives 50-60Mbit downstream during the same period.

Ubiquiti Employee
Posts: 2,991
Registered: ‎02-04-2013
Kudos: 354
Solutions: 289

Re: Very poor PPTP client throughput on ERL


bradd wrote:... downstream speeds of 4-7Mbit over the various permutations. Connecting via PPTP on the windows box (i.e. windows PPTP -> windows iface -> ERL -> internet) gives 50-60Mbit downstream during the same period.

What's the topology for the 4-7Mbit test?

New Member
Posts: 13
Registered: ‎09-16-2013
Kudos: 4

Re: Very poor PPTP client throughput on ERL

Sorry, I'm not 100% clear what you mean by topology. The ERL is connected via ethernet (DHCP) to my ISP on port 2 (eth2). My windows box is connected to the ERL on port 0 (eth0) on 192.168.1.0/24 subnet.

For the 4-7Mbit test, the ERL has a PPTP tunnel (pptpc0) up to a remote PPTP server and all traffic from the windows box's IP is routed over the PPTP tunnel (via routing table with default route to the pptpc0 interface and rule specifying traffic from that IP goes to that table):

# ip route show table 1
default dev pptpc0  proto zebra  scope link
192.168.100.0/24 dev vtun0  proto zebra

# ip rule
0:      from all lookup local
32765:  from 192.168.1.102 lookup 1
32766:  from all lookup main
32767:  from all lookup default

For the 50Mbit test, the rule (32765) is removed, the ERL PPTP tunnel disconnected, and I'm connecting to the same PPTP server directly from the windows box using the windows PPTP client.

Apologies if the terms are wrong, I'm very much not a networking guy.

New Member
Posts: 13
Registered: ‎09-16-2013
Kudos: 4

Re: Very poor PPTP client throughput on ERL

[ Edited ]

In case it helps, I had the (ERL) PPTP driver dump it's connection stats via the method described here (http://linux.die.net/man/8/pptp). I connected the PPTP tunnel, ran a single speed test from the windows box and then sent the dump signal:

pptp[17390]: GRE statistics:
pptp[17390]: rx accepted  = 14332
pptp[17390]: rx lost      = 625
pptp[17390]: rx under win = 1
pptp[17390]: rx over  win = 40
pptp[17390]: rx buffered  = 2091
pptp[17390]: rx OS errors = 0
pptp[17390]: rx truncated = 0
pptp[17390]: rx invalid   = 0
pptp[17390]: rx acks      = 0
pptp[17390]: tx sent      = 9077
pptp[17390]: tx failed    = 0
pptp[17390]: tx short     = 0
pptp[17390]: tx acks      = 2550
pptp[17390]: tx oversize  = 0
pptp[17390]: round trip   = 210096 usecs

 I tried the same on the windows box when connected via windows PPTP, but couldn't work out how to check stats for the PPTP interface in particular. The following are various stats (again, after boot, PPTP connect and single speed test run) dumped via netsh which are probably irrelevant, but I don't know enough to be sure:

netsh interface ipv4>show tcpstats

MIB-II TCP Statistics
------------------------------------------------------
Timeout Algorithm:                  Van Jacobson's Algorithm
Minimum Timeout:                    10
Maximum Timeout:                    4294967295
Maximum Connections:                Dynamic
Active Opens:                       274
Passive Opens:                      0
Attempts Failed:                    8
Established Resets:                 9
Currently Established:              21
In Segments:                        161163
Out Segments:                       105320
Retransmitted Segments:             82
In Errors:                          0
Out Resets:                         35


netsh interface ipv4>show ipstats
MIB-II IP Statistics
------------------------------------------------------
Forwarding is:                      Disabled
Default TTL:                        128
In Receives:                        274397
In Header Errors:                   0
In Address Errors:                  0
Datagrams Forwarded:                0
In Unknown Protocol:                0
In Discarded:                       13
In Delivered:                       275303
Out Requests:                       178379
Routing Discards:                   0
Out Discards:                       0
Out No Routes:                      24
Reassembly Timeout:                 60
Reassembly Required:                0
Reassembled Ok:                     0
Reassembly Failures:                0
Fragments Ok:                       0
Fragments Failed:                   0
Fragments Created:                  0

 Finally, the windows PPTP interface details:

Interface PPTPVPN Parameters
----------------------------------------------
IfLuid                             : ppp_2
IfIndex                            : 31
State                              : connected
Metric                             : 10
Link MTU                           : 1400 bytes
Reachable Time                     : 38500 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 0
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : disabled
Neighbor Unreachability Detection  : disabled
Router Discovery                   : dhcp
Managed Address Configuration      : enabled
Other Stateful Configuration       : enabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 0
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled

 

Ubiquiti Employee
Posts: 2,991
Registered: ‎02-04-2013
Kudos: 354
Solutions: 289

Re: Very poor PPTP client throughput on ERL

 protocols {
     static {
         interface-route 192.168.100.0/24 {
             next-hop-interface vtun0 {
             }
         }
         table 1 {
             interface-route 0.0.0.0/0 {
                 next-hop-interface pptpc0 {
                 }
             }
         }
     }
 }

Why the default route(0.0.0.0/0) is put in table 1? What's the current "show ip route" output? Could you try traceroute from the Windows box to the speed test server for each of the two setup?

Then, could you try to put default route in the main table like 192.168.100.0/24? Then try the two speed tests again, and above "show ip route" and traceroute.

New Member
Posts: 13
Registered: ‎09-16-2013
Kudos: 4

Re: Very poor PPTP client throughput on ERL

Hi Arthur,

The default route over pptpc0 is in table 1 because only traffic from two machines is to be routed over the PPTP connection. This is done by inserting rules "ip rule add from 192.168.1.x table 1". I was using speedtest.net so I'm not sure of the IP of the server I was using, so I ran new tests at http://speedtest-sfo1.digitalocean.com/Results (down/up):

ERL PPTP: 5.4/1.1
Win7 PPTP: 24.7/1.3

Route to test server when connected over ERL PPTP:

Tracing route to speedtest-sfo1.digitalocean.com [198.199.97.209]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2   184 ms   188 ms   189 ms  x.x.x.x.client.dyn.strong-sf8.reliablehosting.com [216.131.120.129]
  3   204 ms   189 ms   199 ms  vrrp-gtwy.reliablehosting.com [216.131.96.1]
  4   184 ms   189 ms   189 ms  te-0-1-0-11-106.r06.snjsca04.us.bb.gin.ntt.net [128.241.216.33]
  5   188 ms   189 ms   189 ms  ae-4.r06.plalca01.us.bb.gin.ntt.net [129.250.4.118]
  6   197 ms   199 ms   199 ms  ae5.ar1.pao1.us.nlayer.net [69.22.153.168]
  7   186 ms   189 ms   209 ms  ae0-90g.cr1.pao1.us.nlayer.net [69.22.153.18]
  8   190 ms   198 ms   199 ms  ae1-70g.cr1.sfo1.us.nlayer.net [69.22.143.169]
  9   196 ms   198 ms   199 ms  as14061.ae5-401.cr1.sfo1.us.nlayer.net [69.22.130.38]
 10   195 ms   199 ms   199 ms  speedtest-sfo1.digitalocean.com [198.199.97.209]

 

Route to test server when connected over Win7 PPTP:

Tracing route to speedtest-sfo1.digitalocean.com [198.199.97.209] over a maximum of 30 hops:

1 175 ms 175 ms 175 ms x.x.x.x.client.dyn.strong-sf8.reliablehosting.com [216.131.120.129]
2 182 ms 175 ms 176 ms vrrp-gtwy.reliablehosting.com [216.131.96.1]
3 178 ms 178 ms 178 ms te-0-1-0-11-106.r06.snjsca04.us.bb.gin.ntt.net [128.241.216.33]
4 179 ms 179 ms 179 ms ae-4.r06.plalca01.us.bb.gin.ntt.net [129.250.4.118]
5 182 ms 179 ms 179 ms ae5.ar1.pao1.us.nlayer.net [69.22.153.168]
6 178 ms 178 ms 178 ms ae0-90g.cr1.pao1.us.nlayer.net [69.22.153.18]
7 182 ms 178 ms 222 ms ae1-70g.cr1.sfo1.us.nlayer.net [69.22.143.169]
8 181 ms 182 ms 179 ms as14061.ae5-401.cr1.sfo1.us.nlayer.net [69.22.130.38]
9 179 ms 179 ms 179 ms speedtest-sfo1.digitalocean.com [198.199.97.209]

 Below is the "show ip route" output when the ERL PPTP connection is up:

S>* 0.0.0.0/0 [210/0] via 203.218.166.254, eth2
C>* 10.8.0.0/24 is directly connected, vtun0
C>* 127.0.0.0/8 is directly connected, lo
C>* 192.168.1.0/24 is directly connected, eth0
C>* 192.168.3.0/24 is directly connected, eth1
S>* 192.168.100.0/24 [1/0] is directly connected, vtun0
C>* 203.218.166.0/24 is directly connected, eth2
K>* 216.131.96.182/32 via 203.218.166.254, eth2, src my.public.ip.addr
C>* 216.131.120.129/32 is directly connected, pptpc0

 And "show ip route table 1"

S>* 0.0.0.0/0 [1/0] is directly connected, pptpc0

 And "ip rule"

0:      from all lookup local
32763:  from 192.168.1.130 lookup 1
32764:  from 192.168.1.102 lookup 1
32766:  from all lookup main
32767:  from all lookup default

If I remove the source based rules and add a default route over pptpc0 to the main table, the trace routes are identical to above. The speed via ERL PPTP is slightly improved by ~1-2Mbit. I presume because it no longer needs to process source based routing.

For reference, the 192.168.100.0/24 subnet is another site, connected via OpenVPN.

Ubiquiti Employee
Posts: 2,991
Registered: ‎02-04-2013
Kudos: 354
Solutions: 289

Re: Very poor PPTP client throughput on ERL

I reproduced the issue with the setup while PPTP server and client are both on EdgeRouters. Still investigating...

Member
Posts: 163
Registered: ‎06-28-2013
Kudos: 604
Solutions: 1

Re: Very poor PPTP client throughput on ERL

 

@UBNT-Arthur wrote:

I reproduced the issue with the setup while PPTP server and client are both on EdgeRouters. Still investigating...


Looks like a buffer over-run issue. You would see this in a highly over-subscribed environment, in this case, a high speed LAN to a slow speed tunnel, with Windows, the OS mitigate this somewhat. . How large a buffer do we have with the EdgeRouter and can be increase it ? 

New Member
Posts: 13
Registered: ‎09-16-2013
Kudos: 4

Re: Very poor PPTP client throughput on ERL

Glad to hear it. Looking forward to what your investigations reveal.

New Member
Posts: 13
Registered: ‎09-16-2013
Kudos: 4

Re: Very poor PPTP client throughput on ERL


@UBNT-Arthur wrote:

I reproduced the issue with the setup while PPTP server and client are both on EdgeRouters. Still investigating...


 

Hi Arthur, any progress?

Ubiquiti Employee
Posts: 2,991
Registered: ‎02-04-2013
Kudos: 354
Solutions: 289

Re: Very poor PPTP client throughput on ERL

I upgraded pptp-linux to the latest wheezy package, however I still saw same issue... Couldn't figure out what to do the next at this moment.

New Member
Posts: 4
Registered: ‎04-30-2013
Kudos: 1

Re: Very poor PPTP client throughput on ERL

Any update on this?

Member
Posts: 306
Registered: ‎11-28-2010
Kudos: 66
Solutions: 4

Re: Very poor PPTP client throughput on ERL

Frown2 Something new here? 

Guifi.net - Xarxa Oberta, Lliure i Neutral - http://guifi.net/

]

Emerging Member
Posts: 44
Registered: ‎05-07-2012
Kudos: 12

Re: Very poor PPTP client throughput on ERL

Has this been fixed in a new version yet?

Thank you.

 

New Member
Posts: 14
Registered: ‎04-30-2014

Re: Very poor PPTP client throughput on ERL

Any fix for this issue yet?

New Member
Posts: 1
Registered: ‎09-21-2014

Re: Very poor PPTP client throughput on ERL

Something new here? I'm having the same problem.