Followup: OpenConnect unusably slow

[David Woodhouse]

On Tue, 2013-06-18 at 09:37 +0200, Thomas Richter wrote:
> Dear David,
> 
> > please find the capture of the openconnect stream attached. Not sure
> > whether anything suspicious is in there. 

Look at the incoming DTLS packets in wireshark. At 07:36:52.392253 you
see a packet with sequence number 11911. The next incoming packet is at
07:37:03.324335, with sequence number 11924. You've had some kind of
network outage of about 10 seconds, and dropped 12 packets.

It's also interesting that your packets seem to be *fragmented*. At a
stupidly low size — 764 bytes. Is that really representative of the
network path over the Internet between you and the server? Or has
someone done something stupid and configured it that way because they
don't understand path MTU discovery and misconfigured a firewall to drop
ICMP?

But I don't *think* that's relevant. It'll make things less efficient,
and you might do better to add '--mtu 750' on the openconnect command
line. But the real problem seems to be that the network link between you
and the server is dropping large numbers of packets.

If you run 'mtr 129.69.90.139' do you see this same loss? At what point
in your network? Are you also losing connectivity to your local router?

> On my second system (the newer
> > one) openconnect stopped working completely. You start the program, then
> > nothing happens at all. No error message, nothing. It says that it could
> > not open /dev/net/tun nor /dev/tun, though the kernel did not change. No
> > idea...

If it's saying that it can't open the tun device then that sounds like
an error message to me. Does it not exit after that? Can you show me the
output when this happens?

-- 
dwmw2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20130618/9e7efe75/attachment.bin>