DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD General

FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 20th October 2008
sim sim is offline
Confirmation Amnesiac
 
Join Date: Jun 2008
Location: London
Posts: 13
Thanked 1 Time in 1 Post
Default Advice needed: File server for VPN - samba, NFS?

Hi all

I've recently set up a nice FreeBSD 7 box as a small company fileserver. Runs samba, OpenVPN, pf, encrypted drives and little else. It simply exposes a dir as a mapped drive for two windows XP clients - myself and my colleague.

When the clients are on the same physical LAN it works beautifully. BUT, over the OpenVPN link it's unusably slow. And I do mean unusable. I've tried the various samba TCP tunings, but have concluded from various sources that SMB is just not suited to a modest WAN connection, due in part to it's "extreme chattiness".

So I seek advice. Are there alternatives that are a) better suited for WAN use, and b) accessible to windows clients? I only know of NFS but have never used it. Any thoughts or suggestions?

/sim
Reply With Quote
  #2   (View Single Post)  
Old 20th October 2008
graudeejs's Avatar
graudeejs graudeejs is offline
Real Name: Aldis Berjoza
formerly killasmurf86
 
Join Date: Jul 2008
Location: Riga, Latvia
Posts: 588
Thanked 29 Times in 26 Posts
Default

Ok, this might sound weird, but, it works for me, when i need to exchange files...

Why not to use scp or for win boxes winscp?
http://winscp.net/eng/index.php


EDIT: you'll need to enable ssh on box to be able to use this

Last edited by graudeejs; 20th October 2008 at 06:35 PM.
Reply With Quote
  #3   (View Single Post)  
Old 20th October 2008
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,147
Thanked 182 Times in 149 Posts
Default

You can reduce the chattiness of the SMB protocol by configuring Samba as a WINS server. Check out the wins support and wins server entries of the smb.conf man page and the referral to. But this assumes/requires that you have different subnets.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #4   (View Single Post)  
Old 20th October 2008
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Thanked 112 Times in 104 Posts
Default

NFS will work with Windows clients, but requires software that can either be costly or bloated to come by for free/semi-free.


I've generally found SSHFS to be the best solution among BSD and Linux based systems, you might take a look at using SCP and see if it suits you're requirements for the VPN end.
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote
  #5   (View Single Post)  
Old 20th October 2008
sim sim is offline
Confirmation Amnesiac
 
Join Date: Jun 2008
Location: London
Posts: 13
Thanked 1 Time in 1 Post
Default

Thanks for the tips chaps.

[Win]SCP: I already use this a lot for web server maintenance. It hadn't really occurred to me to use it in this instance as I was keen to have something as seemless as possible with the usual Windows UI (i.e. mapped drive under My Computer). More for my colleague's sake rather than my own Having said that, WinSCP isn't that alien for the lay user I guess, so maybe it's a contender.

SSHFS looks interesting, as with SCP I'll need to see if it passes the same 'non-techie user' criteria.

Sounds like NFS might be problematic...

As a first step I'll look into the WINS stuff though. Never messed with the more sordid details of windows networking before - wish me luck!


Thanks again,

sim
Reply With Quote
  #6   (View Single Post)  
Old 21st October 2008
dk_netsvil dk_netsvil is offline
Real Name: Devon
Fdisk Soldier
 
Join Date: May 2008
Location: New York
Posts: 75
Thanked 7 Times in 7 Posts
Default

NFS over SSH is certainly one way to go. WinSCP with encryption is also an option.
Reply With Quote
  #7   (View Single Post)  
Old 28th October 2008
sim sim is offline
Confirmation Amnesiac
 
Join Date: Jun 2008
Location: London
Posts: 13
Thanked 1 Time in 1 Post
Default

Back again....

This project has taken a bit of a back seat due to other more pressing tasks, but another possibility came to mind. Could one set up Apache and WebDAV (over the OpenVPN), and thus make use of windows' support for web folders?

Sounds like a good option? Reasonably easy to set up? (I'm used to setting up apache from ports etc). Better performance than SMB over WAN connections?

Thoughts?

/s
Reply With Quote
  #8   (View Single Post)  
Old 2nd November 2008
sim sim is offline
Confirmation Amnesiac
 
Join Date: Jun 2008
Location: London
Posts: 13
Thanked 1 Time in 1 Post
Default

Follow-up

Tried the Apache/DAV option over OpenVPN - not bad.

Pros:
o Reasonable integration with windows explorer in XP ("Web folders")
o Fast responsive navigation of file tree
o Good download speed (significantly better than the pipe capacity - must be thanks to compression on the VPN)

Cons:
o *Extremely* slow upload speed, yet this should be faster than the d/l. Must be a problem somewhere - hopefully fixable
o Not able to open files from the web folder directly. Maybe this is hackable in XP..?

So all in all, a promising start. I hope to write up my entire process (FreeBSD config, GELI enc partition, pf config, OpenVPN, Apache/DAV config etc) when I get a chance (and before I forget.. )

/sim
Reply With Quote
  #9   (View Single Post)  
Old 2nd November 2008
mdh's Avatar
mdh mdh is offline
Real Name: Matt D. Harris
FreeBSD 2.2.6 User
 
Join Date: Oct 2008
Location: West Virginia
Posts: 139
Thanked 8 Times in 8 Posts
Default

WebDAV was my first thought, as well. I don't know anything about Windows, but it's generally an alright solution for crossing slow networks, compared to actual "mounted" protocols like NFS or CIFS.

Between OpenVPN and having the disk encrypted, you're probably hammering that server's CPU for large file transfers over the VPN. If you're using SSL in Apache for the WebDAV host, even more so. Check out the CPU load during a couple of concurrent large transfers and see how hard it's getting hammered - if it's bad, you may want to consider using a cryptographic coprocessor, like the ones Soekris sells for under $100. Use AES and make sure all of your software is compiled and configured to take advantage of the crypto card.
Reply With Quote
Old 4th November 2008
sim sim is offline
Confirmation Amnesiac
 
Join Date: Jun 2008
Location: London
Posts: 13
Thanked 1 Time in 1 Post
Default

Thanks for the tip mdh. Yes the disk is encrypted, as is the VPN of course, but no SSL. There's also the VPN compression too. I will check the CPU usage, although I'd be quite alarmed if it was choking under the onslaught of a half meg ADSL line (2.8GHz Xeon, circa 2006)

Unfortunately this is a side project so will have to wait till the weekend to look again.

/sim

PS I didn't realise crypto cards were so cheap these days. I'm quite tempted, just for funnies!
Reply With Quote
Old 4th November 2008
sim sim is offline
Confirmation Amnesiac
 
Join Date: Jun 2008
Location: London
Posts: 13
Thanked 1 Time in 1 Post
Default

Couldn't be bothered to wait till the w/e...

Have just tried removing OpenVPN from the equation, reverting to plain old vanilla webdav over port 80. The upload problem disappears, with the speed being as good as I would expect from the decrepit ADSL line (40KB/s). More importantly, the uploads continue to completion, whereas over the VPN they would suddenly get extremely slow (<3KB/s) after approx 200K and would eventually crap out, rarely getting beyond 500KB. Small files were fine, and transfers in the other direction (server -> client) were great.

So I suppose I have to start troubleshooting OpenVPN. Any ideas, I've never used it before now... I have a faily basic setup - TAP-Win32, tun device, UDP. Could try disabling the VPN compression I suppose*.

Any VPN gurus out there?

Cheers

/s

*ETA: Problem is not due to compression on VPN - just checked.

Last edited by sim; 4th November 2008 at 06:49 PM.
Reply With Quote
Old 4th November 2008
sim sim is offline
Confirmation Amnesiac
 
Join Date: Jun 2008
Location: London
Posts: 13
Thanked 1 Time in 1 Post
Default

FIXED!

After much googling and trawling:

Code:
#openvpn.conf
...
...
link-mtu 1456
mssfix 1412
/sim
Reply With Quote
Reply

Tags
freebsd, nfs, openvpn, samba, smb

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
laptop buy - some advice needed gosha OpenBSD General 11 5th July 2009 02:34 PM
Samba Server on FreeBSD 6.1 MiniStrange FreeBSD General 1 8th August 2008 02:57 PM
searching for a SP/PDA like device, advice needed TerryP Off-Topic 5 26th July 2008 03:54 AM
Remote Access to File Server Oko OpenBSD Security 7 23rd June 2008 05:17 PM
Convertin A Ubuntu ssh/ Samba server to NetBSd FloridaBSD FreeBSD General 6 24th May 2008 09:35 AM


All times are GMT. The time now is 05:55 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick