Wan Optimization Support
Technical => Troubleshooting => : lexyus November 25, 2014, 02:45:08 AM
-
dear ahenning,
thank you very much for your reply. My sites are in two different locations and both connected using mikrotik pptp VPN.
i'm attach how i'm setup wanos in both of my sites, please check if it's already correct.
i'm also attach my reports, the optimization were 1x factor and Kb saved were nearly 1KB
thanks for your reply
-
Hi lexyus,
I moved the post to the troubleshooting section.
Ok, based on the stats, optimization is not working yet. You can also check the peer status tab to confirm whether the peers are up/down. From the stats it seems they are 'down'.
- From the info in the screenshots, it looks like traffic is flowing correctly through this end. Also verify that the other end has the exact same stats. Then we know the traffic is flowing in both directions via both appliances.
- Check the logs (Diagnostics > Logs) and see whether there are perhaps any 'Peer detected on lan0' messages. If so, the lan0 and wan0 cables need to be swapped around.
- Check whether the Mikrotik VPN might be stripping the TCP Options 76, which is needed for peer detection. This can be done by setting UDPENCAP=Enable in '/tce/etc/wanos/wanos.conf' en resetting the service from the GUI. Do this on both ends.
-
Dear ahenning,
here's my screenshot from log, a lot of "peer detected on lan0" appear.
so i need to swap the interface, right?
-
Yes, swap one side, then have a look at the logs and the peer status.
-
I already swap interface using Interface stats "Switch Interface Port Roles" function. I swap the one with IP 192.168.7.41.
but it seems the diagnostic -> log & peer status doesn't make any changes. Am i missing something?
-
here's I attached log after swap on one side
-
It could be the old entries. Please reset the service: configure > reset > reset service. After the reset have a look at the logs and peer status.
Since you have the messages in the logs, you are almost there, its just a case of aligning the lan0 and wan0 interfaces. You can use the mac addresses as well to make sure.
-
I have reboot both appliance,
This log comes from 192.168.6.41
Log Options
Display log level: informational
Peer detected on lan0: 319
Peer detected on lan0: 60
Peer detected on lan0: 60
Peer detected on lan0: 52
Peer detected on lan0: 176
Peer detected on lan0: 56
Peer detected on lan0: 60
Sat Jan 5 02:33:36 UTC 2002 : Info : Reboot Requested
Sat Jan 5 02:37:35 UTC 2002 : Routine : Initializing Startup Scripts
Sat Jan 5 02:37:35 UTC 2002 : Routine : Set Interface Roles
Sat Jan 5 02:37:35 UTC 2002 : Routine : Setting Optional Interface driver flags if supported
Cannot set device rx csum settings: Operation not supported
Cannot set device tx csum settings: Operation not supported
Cannot set device scatter-gather settings: Operation not supported
Cannot set device tcp segmentation offload settings: Operation not supported
Cannot set device rx csum settings: Operation not supported
Cannot set device tx csum settings: Operation not supported
Cannot set device scatter-gather settings: Operation not supported
Cannot set device tcp segmentation offload settings: Operation not supported
Sat Jan 5 02:37:36 UTC 2002 : Routine : Check Configs
Sat Jan 5 02:37:36 UTC 2002 : Routine : Updating Configuration
Sat Jan 5 02:37:37 UTC 2002 : Routine : Initializing Wanos Click
wanos.click:11: While initializing 'wan0 :: FromDevice':
warning: wan0: no IPv4 address assigned
Sat Jan 5 02:37:38 UTC 2002 : Alert : Minimum Required Memory is 2GB
wanos.click:12: While initializing 'lan0 :: FromDevice':
warning: lan0: no IPv4 address assigned
DropBroadcasts: dropped a packet
This log comes from 192.168.7.41, which I swapped the interface
Log Options
Display log level: informational
Peer detected on lan0: 52
Peer detected on lan0: 188
Peer detected on lan0: 60
Peer detected on lan0: 52
Tue Nov 25 15:32:21 UTC 2014 : Info : Reboot Requested
Tue Nov 25 15:32:27 UTC 2014 : Routine : Initializing Startup Scripts
Tue Nov 25 15:32:27 UTC 2014 : Routine : Set Interface Roles
Tue Nov 25 15:32:27 UTC 2014 : Routine : Setting Optional Interface driver flags if supported
Cannot set device rx csum settings: Operation not supported
Cannot set device tx csum settings: Operation not supported
Cannot set device scatter-gather settings: Operation not supported
Cannot set device tcp segmentation offload settings: Operation not supported
Tue Nov 25 15:32:28 UTC 2014 : Routine : Check Configs
Tue Nov 25 15:32:28 UTC 2014 : Routine : Updating Configuration
Tue Nov 25 15:32:28 UTC 2014 : Routine : Initializing Wanos Click
Tue Nov 25 15:32:28 UTC 2014 : Alert : Minimum Required Memory is 2GB
wanos.click:11: While initializing 'wan0 :: FromDevice':
warning: wan0: no IPv4 address assigned
wanos.click:12: While initializing 'lan0 :: FromDevice':
warning: lan0: no IPv4 address assigned
DropBroadcasts: dropped a packet
Admin edit: length
-
yes, i screen capture both default interface setting, when i run swap function, the mac address did swap
-
Looks right. You can check the debug log for 'Peer Alive' messages.
Next generate some traffic across the VPN e.g. copy a file across two or three times. Keep an eye on the peer status, throughput and optimization stats.
Note the Alert that a minimum of 2GB memory is needed. Eventually the devices will run out of memory and throughput will slow down or even stop completely.
What is the VPN link speed?
-
Yes sir, I'm just running it from an old stock PC with 1GB memory just to try if it's working. If it does, I will buy a brand new one.
VPN link speed is 4Mb.
and about this solution,
"Check whether the Mikrotik VPN might be stripping the TCP Options 76, which is needed for peer detection. This can be done by setting UDPENCAP=Enable in '/tce/etc/wanos/wanos.conf' en resetting the service from the GUI. Do this on both ends."
would it be better if I do it too?
thanks for reply
-
Dear Ahenning,
i tried to copy same file 3 times to remote site, but it seems it all ran with same transfer rate. Would it be runs faster after several copy?
thanks for reply
-
Since the peer detect messages are reaching the remote peer, udpencap is likely not necessary, but yes you can give it a try (both ends). It could be that some NATting is the obstacle.
Check the peer status, it must say 'up' for optimization to work. How about those 'Peer Alive' messages in the debug log?
-
Dear ahenning,
i have managed to change UDPENCAP options to Enabled on both side and reset service.
peer status still show "Down" on both ends. Where is the "Peer Alive" message in debug log? i can't find it
thanks for reply
-
Hi ahenning, I have some condition, perhaps it might give a clue.
yesterday when you told me to swap the interface on one side, i did swap on one side (192.168.7.41)
then the condition is
192.168.6.41 : peer status Down
192.168.7.41 : peer status Down
and today i try to swap the other wanos (192.168.6.41)
and this is what happen :
192.168.6.41 : peer status up
192.168.7.41 : peer status down
Internet browsing has no problem, but then have a problem with email, we can't send & receive emails from outlook.
After i swap back again the 192.168.6.41 , the peer status goes again to Down and emails are working.
perhaps you could explain what is happening?
thanks for reply
-
It sounds like not all traffic is flowing through the devices in both directions. Does the VPN only tunnel specific traffic to the other end e.g. outlook, but the internet traffic is directly out from the router?
Or rather that the internet traffic is flowing correctly via both devices, but the mail traffic not. For example if the email servers was on a separate VPN, but then you did not have a point to point link, more of a point to multipoint. In this case the second vpn site either also needs a wanop device or that sites subnets needs to be bypassed with a policy rule.
Hope it helps.
-
it suppose all traffic is flowing through same VPN link. We have only 1 kind of it.
I attach my policy rule, is it need to be configured?
-
If it is a truly point to point VPN where all traffic that enters the Mikrotik exits on the Mikrotik on the other side, then no.
But since Outlook stops working after the peers are up, means this traffic is not following through this path. Perhaps the mail server is in a different subnet and the Mikrotik is routing the traffic back out the lan side. In this case exclude the mail server subnet with a bypass policy rule.
-
Dear ahenning,
sorry for late reply. I decide to try reinstall wanos on other PC. Maybe this time with newer PC instead of old stock PC.
So after i reinstall, I should just need to change IP address and make sure to plug the right cables right? or is there any other setting to make sure?
will update it to you later. thanks
-
Yes, and setting the ip addresses to see the graphs can help. That is about it on a normal standard point to point link.
The mikrotik is not perhaps routing some extra subnets back to the lan (e.g. router on a stick)?
-
"The mikrotik is not perhaps routing some extra subnets back to the lan (e.g. router on a stick)?"
I don't really understand what that statement means, can you give me example or explanation?
-
If you have only one subnet at each site then it ok. Nothing else needed.
If there are more than one subnet at each site and the mikrotik is responsible for the routing between these subnets, then a bypass rule is needed e.g. user-subnet > server-subnet bypass and the other way round as well.
For example, let say at one site there are users and servers. Users are on 192.168.1.0/24 and servers 192.168.2.0/24. When users communicate with the servers the traffic might be routed by the WAN/VPN Router. In this case traffic from the User goes through the Wanos device, to the router, then back through the same Wanos device to the Servers. In this case the example bypass rule above is needed.
Or better yet:
1) Create a default any any bypass rule at the end (#99)
2) Create a specific rule (#10) for the two site subnets that needs to be optimized. E.g. if site-1 is 10.1.1.0/24 and site-2 is 10.1.2.0/24. Then optimize only these subnets e.g. Site-1 #10 has src 10.1.1.0/24 to dst 10.1.2.0/24. And site-2 #10 has src 10.1.2.0/24 dst 10.1.1.0/24.
-
Dear ahenning,
after i re-install both PC, somehow i manage to get the optimization working between sites. But i have a some major problem about internet link.
I attached the picture for easier understanding.
You see, i have two sites which linked through Mikrotik pptp VPN. The internet link was only on site A. If users from site B would browse an internet, it will be routed to site A. This is our current condition.
When i attached both wanos, I can do the optimization, but users from both sites cannot connect to internet.
I was wandering, how can I able to still have the optimization but users still can connect to internet?
is there any bypass rule need to be set?
thanks for Reply
-
Hi,
Yes, that is correct, a bypass rule is needed for the Internet traffic. Fortunately it is simple. Rule 99 in the image was created to bypass all traffic. Rule 10 in the image was created to optimized only traffic from site-a .6 to site-b .7 The same config would be needed at site-b, but of course the source would then be .7 and destination .6
Config:
(http://wanos.co/forum/index.php?action=dlattach;topic=127.0;attach=160;image)
-
Thanks ahenning for your quick reply. I will try it tomorrow when lunch break. Will update to you soon.
:D
-
Dear ahenning,
it works flawlessly! after I add policy that you mention, everything is working smoothly.
Thank you very much for your help, very impressive.