All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Ping inside my vpn route are getting more than 50% packet loss
Hi!
I have a opnevpn server up and runing on a ubuntu 22.04
However, when I ping my clients, I'm getting a high percenteage of packets losses...
root@localhost:~# ping 10.95.0.10
PING 10.95.0.10 (10.95.0.10) 56(84) bytes of data.
64 bytes from 10.95.0.10: icmp_seq=1 ttl=64 time=61.3 ms
64 bytes from 10.95.0.10: icmp_seq=2 ttl=64 time=57.4 ms
64 bytes from 10.95.0.10: icmp_seq=3 ttl=64 time=38.1 ms
64 bytes from 10.95.0.10: icmp_seq=6 ttl=64 time=41.3 ms
64 bytes from 10.95.0.10: icmp_seq=8 ttl=64 time=61.1 ms
64 bytes from 10.95.0.10: icmp_seq=9 ttl=64 time=58.5 ms
64 bytes from 10.95.0.10: icmp_seq=18 ttl=64 time=30.6 ms
64 bytes from 10.95.0.10: icmp_seq=20 ttl=64 time=10.7 ms
64 bytes from 10.95.0.10: icmp_seq=21 ttl=64 time=52.9 ms
64 bytes from 10.95.0.10: icmp_seq=25 ttl=64 time=37.6 ms
^C
--- 10.95.0.10 ping statistics ---
25 packets transmitted, 10 received, 60% packet loss, time 24305ms
rtt min/avg/max/mdev = 10.744/44.956/61.296/15.555 ms
root@localhost:~# #
What I'm not getting
Can you help me?
Comments
If you ping the client outside VPN, do you see same loss?
Capture traffic on both VPN and underlying network interface, on both client and server.
Analyze the packets with Wireshark.
Although the packets are encrypted, you can roughly identify them by timing and packet lengths.
Many thanks @yoursunny I didn't remeber to do that test before...
Yes, indeed, outside vpn keep roughly the same packet loss percenteage, around ~50%
This is between 2 vps...
Now, I don't know wich provider to claim... any other configs or test that I can make to troubleshoot wich one?
traceroute, or better mtr, might give a better hint, try from both ends.
what happened when you pinged some 3rd party site (google.com?) from each vps? come on man.
mtr both ways, with this flag:
mtr -bwzc50 followed by remote IP.
Start: 2025-01-01T17:10:26+0000
HOST: NL Loss% Snt Last Avg Best Wrst StDev
1. AS36352 23-94-101-1-host.colocrossing.com (23.XXX.121.1) 0.0% 50 1.1 1.4 0.8 5.0 0.7
2. AS??? 10.10.0.1 0.0% 50 0.7 1.1 0.6 5.3 0.9
3. AS1299 adm-b10-link.ip.twelve99.net (62.XXXX.XXX.30) 0.0% 50 0.8 0.8 0.6 1.9 0.3
4. AS1299 adm-bb2-link.ip.twelve99.net (62.115.120.228) 64.0% 50 0.8 1.0 0.7 2.0 0.3
5. AS1299 ldn-bb2-link.ip.twelve99.net (62.115.137.234) 72.0% 50 5.7 5.9 5.6 6.9 0.3
6. AS1299 slou-b2-link.ip.twelve99.net (62.115.112.63) 0.0% 50 7.0 6.7 6.3 8.1 0.4
7. AS1299 pulsant-ic-321418.ip.twelve99-cust.net (213.248.95.63) 0.0% 50 6.1 6.7 6.0 21.7 2.2
8. AS60610 185-28-167-90.as60610.net (185.28.167.90) 0.0% 50 6.7 7.7 6.7 43.1 5.1
9. AS60610 5-10-31-62.as60610.net (5.10.31.62) 0.0% 50 8.1 8.8 7.9 36.8 4.1
10. AS49683 XXX.122.XXX.135 24.0% 50 34.0 33.9 8.1 55.8 12.1
root@localhost:~# mtr -bwzc50 2vps.duckdns.org
Start: 2025-01-01T17:15:38+0000
HOST: localhost.localdomain Loss% S nt Last Avg Best Wrst StDev
1. AS49683 175.xxx.157.254 0.0% 50 3.6 1.7 0.3 46.1 6.5
2. AS60610 5-10-31-61.as60610.net (5.10.31.61) 0.0% 50 1.0 0.9 0.4 4.9 0.8
3. AS60610 185-28-167-91.as60610.net (185.28.167.91) 0.0% 50 1.2 2.3 1.1 19.2 3.1
4. AS1299 slou-b2-link.ip.twelve99.net (213.248.95.62) 0.0% 50 2.1 2.0 1.4 8.1 1.0
5. AS1299 ldn-bb1-link.ip.twelve99.net (62.115.127.6) 0.0% 50 2.3 3.4 2.2 25.3 3.4
6. AS1299 adm-bb1-link.ip.twelve99.net (62.115.139.144) 28.0% 50 9.9 10.3 9.7 13.4 0.9
7. AS1299 adm-b10-link.ip.twelve99.net (62.115.120.227) 0.0% 50 8.5 8.7 8.2 10.7 0.5
8. AS1299 hostpapa-ic-354460.ip.twelve99-cust.net (62.115.189.31) 22.0% 50 39.0 34.0 10.3 67.1 13.3
9. AS??? ??? 100.0 50 0.0 0.0 0.0 0.0 0.0
10. AS36352 23-94-101-6-host.colocrossing.com (23.XXX.XXX.6) 12.0%
Two of the worst hosting providers, connected via the worst T1 ISP, what are you expecting?
They look OK from our house though:
Notably, this MTR doesn't pass through LDN-ADM link in AS1299, which seems to be where the problem is.
You can't blame either hosting provider as it's out of their network.
You should blame AS1299 for their congestion.
@yoursunny
so, what I can do?
nothing?
Cancel both servers and buy from premium providers:
Run MTR in the looking glass to confirm connectivity.
Check the IP on https://bgp.tools , open Connectivity tab.
If you see AS1299 or AS174 being the only upstream, run away.
Switch provider I guess that's an obvious one ...
Yeah.. colocrossing network is not good.
I would use something like this to see which provider would work best for you.
https://mtr.tools/
@nexius1981 I had similar issue with a provider, and I couldn’t cancel, cause the faulty it’s this shitty as1299… not provider fault, but the provider needs to open a claim to this TIER1
if your opevpn uses tcp(rare),try bbr on both end.
if your opevpn uses udp(likely),try use udpspeeder as mid tunnel.
I have contact my 2 providers, and they told me that they are aware of this node AS1299, and both told me that many providers have allready claimed about this situation...
Despite they can't do nothing, they will keep speacking with this infrastucture.
Can't refund me, due to the reasons offside their "hands"
This is crap i guess?
There are three upstreams so it's not too bad.