[Battlemesh] L2TPv3 pseudo-wire tunnels

Mitar mitar at tnode.com
Wed Jun 13 15:24:56 CEST 2012


Hi!

At wlan slovenija we were searching for an in-kernel solution to migrate
our OpenVPN tunnels to. As you may know, OpenVPN behaves very badly on
cheap consumer routers as user-space/kernel-space context switches are
quite expensive. After searching for some time, we believe we found a
perfect solution.

At Ninux, they have decided to develop their own in-kernel tunneling,
but we have decided to use L2TPv3 pseudo-wire tunnels which are already
available in the kernel. The missing part is only the broker who creates
these tunnels as clients connect. There is no open-source version of it,
only a commercial one. So Kostko wrote one. ;-) It is not standards
compliant, but it does its job (it uses its own simple control
protocol). Even more, for our purposes, it does it even better. It uses
only one UDP port (52, DNS) for both control and data, so it works over
the NAT and even firewalls which block UDP traffic on non-DNS ports.
Throughput is amazing:

http://www.speedtest.net/result/1997198018.png

This was a client connected to TP-Link WR741ND in AP mode, doing a
tunnel to our server. So it might be that the bottleneck is even somewhere
else. ;-) We will test it more.

https://github.com/wlanslovenija/tunneldigger
https://github.com/wlanslovenija/firmware-packages-opkg/tree/master/net/tunneldigger

All this now looks quite stable; we already have more than 10 nodes
deployed like this, but we are still testing and debugging it, and also
documentation is still missing. But if anybody is interested, feel free
to try it out (if you manage to use it) and give us some feedback. I
will write again once we reach a stable version. I am writing this
mostly just to inform about our progress so that you can tune in.


Mitar


