From nobody Thu Sep 21 18:16:34 2023
X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Rs3WX024Bz4tns1
	for <freebsd-net@mlmmj.nyi.freebsd.org>; Thu, 21 Sep 2023 18:16:40 +0000 (UTC)
	(envelope-from void@f-m.fm)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Rs3WW0602z3K0w
	for <freebsd-net@freebsd.org>; Thu, 21 Sep 2023 18:16:38 +0000 (UTC)
	(envelope-from void@f-m.fm)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=f-m.fm header.s=fm2 header.b=Ebv3fl53;
	dkim=pass header.d=messagingengine.com header.s=fm2 header.b="AwaSNLx/";
	spf=pass (mx1.freebsd.org: domain of void@f-m.fm designates 66.111.4.26 as permitted sender) smtp.mailfrom=void@f-m.fm;
	dmarc=pass (policy=none) header.from=f-m.fm
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
	by mailout.nyi.internal (Postfix) with ESMTP id 74E255C0070
	for <freebsd-net@freebsd.org>; Thu, 21 Sep 2023 14:16:37 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
  by compute5.internal (MEProxy); Thu, 21 Sep 2023 14:16:37 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=f-m.fm; h=cc
	:content-type:content-type:date:date:from:from:in-reply-to
	:message-id:mime-version:reply-to:sender:subject:subject:to:to;
	 s=fm2; t=1695320197; x=1695406597; bh=QUCyxb2tkh37MPYJHtsQql/Tu
	lkJPZa8EHCY9cbHyBU=; b=Ebv3fl532sXC97lrx5FzM36AN42twCmU3PI7YaSZ8
	D7QA0tYbr8z5QiugI2qSbvtY/gKmwTDe85rYbwjJoW/yZSCYxmzV8b0gpwlq5v9k
	iOyUZA1EXoJdwTXqXt/NJhDL3KhYWL1w1axtpaYKZpJ6W1BeMYGey8mO4VlY+8wC
	TeE5i7HcA+3s7oVO5jYdRR5Wb1MioilvYhTUUdtaf9CXNS/PlL608R3Gk/xLHKEv
	xfh/ddbPOWj9WsinpwLPQaC0NsgohbfNXnC2q2ZWZnXW1tPlEE91gWmWEBeTSV2p
	WSPtNTJ5+b8uKv4x57eKtiNBhU12ogWq4rHj9/8cPfSMw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:message-id
	:mime-version:reply-to:sender:subject:subject:to:to:x-me-proxy
	:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=
	1695320197; x=1695406597; bh=QUCyxb2tkh37MPYJHtsQql/TulkJPZa8EHC
	Y9cbHyBU=; b=AwaSNLx/TsEPx9NKMm39RUuzB4lHNQVPUMFJA9sjLA1xfY+954D
	RclJnS0TJ9Bo2KF5YtgjDnSlycRhC28iSUF3LFgIDWe2JUlkno9dEmWbBDzwi0um
	NwMbtFDYlWWwLslO7InCEKdwyRN/W4buvJZk1BPLSRg7rBmP/srcma2WjEzwoAWv
	7Aes/j4pBz0NILN09jtkWBANUgXYyOoymz6hnBUwgfPIlYoChmFkvd5iQ1RJcVUs
	deNfsAQaLrCmB2b8XhdxqF0Oxq3+Zmy+iXbGBXW0+v2TUIFPOHzv0GzbjdLZcbEX
	96tppno6LxFm1U7S9TCYAtsmmhu9QOO3kBA==
X-ME-Sender: <xms:hYgMZdZBt4QaGtuwFq8moe6PYOKk9SqrrffnzmmLbTXMpjxD4ktYYw>
    <xme:hYgMZUZoa7RaXLpr4SjwZAmNiYTya2_v_dOmWcBG5uWwxK3d4qeTKqBhjepgRF6dC
    rekX3Yy0MuMlS8DFw>
X-ME-Received: <xmr:hYgMZf-hUh1HH8y-kvxDx8nOfkXAbyUzYgw6WXmAX3XrB-blTLpTz9E>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrudekiedguddvvdcutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
    necuuegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfggtggusehttdortd
    dttddvnecuhfhrohhmpehvohhiugcuoehvohhiugesfhdqmhdrfhhmqeenucggtffrrght
    thgvrhhnpeeijedugfdvkeekteffkefgueeivdehueehudffuddtieevgfelkeevteegue
    dtkeenucffohhmrghinhepvgigrghmphhlvgdrohhrghenucevlhhushhtvghrufhiiigv
    pedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehvohhiugesfhdqmhdrfhhm
X-ME-Proxy: <xmx:hYgMZbp_sXcnrVa_2oXukquJkqKXPmAXCwwKtbDirfbQ8FspLlYhPQ>
    <xmx:hYgMZYpCELcLQWhtNoT5wAwe8dRCDwkkfJNWlJD9T30GkBgsR8NPWQ>
    <xmx:hYgMZRTt0hHYERHVFdFq4o3VIWtrm9dqHf-zrXVHA9ZwN9s4Ih1QTQ>
    <xmx:hYgMZeEdfvMjl3g6HmPaMHrUkaJOZ3mzOrNrRI3JSzaZFi7t_m-J5Q>
Feedback-ID: i2541463c:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <freebsd-net@freebsd.org>; Thu, 21 Sep 2023 14:16:36 -0400 (EDT)
Date: Thu, 21 Sep 2023 19:16:34 +0100
From: void <void@f-m.fm>
To: freebsd-net@freebsd.org
Subject: openvpn and no buffer space available (13.2-stable)
Message-ID: <ZQyIgukcwuHbAhLr@int21h>
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-net
List-Help: <mailto:freebsd-net+help@freebsd.org>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Subscribe: <mailto:freebsd-net+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-net+unsubscribe@freebsd.org>
Sender: owner-freebsd-net@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.68 / 15.00];
	DWL_DNSWL_LOW(-1.00)[messagingengine.com:dkim];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-0.98)[-0.978];
	DMARC_POLICY_ALLOW(-0.50)[f-m.fm,none];
	MID_RHS_NOT_FQDN(0.50)[];
	R_SPF_ALLOW(-0.20)[+ip4:66.111.4.26];
	R_DKIM_ALLOW(-0.20)[f-m.fm:s=fm2,messagingengine.com:s=fm2];
	MIME_GOOD(-0.10)[text/plain];
	RWL_MAILSPIKE_GOOD(-0.10)[66.111.4.26:from];
	RCVD_IN_DNSWL_LOW(-0.10)[66.111.4.26:from];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org];
	BLOCKLISTDE_FAIL(0.00)[66.111.4.26:server fail];
	FROM_HAS_DN(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	RCVD_TLS_LAST(0.00)[];
	MLMMJ_DEST(0.00)[freebsd-net@freebsd.org];
	RCVD_COUNT_THREE(0.00)[3];
	TO_DN_NONE(0.00)[];
	FREEMAIL_FROM(0.00)[f-m.fm];
	ARC_NA(0.00)[];
	DKIM_TRACE(0.00)[f-m.fm:+,messagingengine.com:+];
	MIME_TRACE(0.00)[0:+];
	FROM_EQ_ENVFROM(0.00)[];
	ASN(0.00)[asn:19151, ipnet:66.111.4.0/24, country:US];
	FREEMAIL_ENVFROM(0.00)[f-m.fm];
	RCVD_VIA_SMTP_AUTH(0.00)[]
X-Rspamd-Queue-Id: 4Rs3WW0602z3K0w

Hello @net,

tl;dr : is there anything specific to freebsd that needs to be set
in order for openvpn to perform well? What buffer space is ping
complaining about?

context is recent 13.2 stable, on amd64, and it's a bhyve guest.
The openvpn client uses UDP, on tun0.

The problem is that when the connection becomes heavily
used, the client end finds that sites that would normally
immediately load often wont; one has to sit there clicking
multiple times to get any site to load.

ping shows this:

64 bytes from 93.184.216.34: icmp_seq=37 ttl=53 time=147.407 ms
ping: sendto: No buffer space available
64 bytes from 93.184.216.34: icmp_seq=40 ttl=53 time=174.738 ms
64 bytes from 93.184.216.34: icmp_seq=41 ttl=53 time=119.048 ms
64 bytes from 93.184.216.34: icmp_seq=42 ttl=53 time=169.223 ms
ping: sendto: No buffer space available
64 bytes from 93.184.216.34: icmp_seq=44 ttl=53 time=183.493 ms
64 bytes from 93.184.216.34: icmp_seq=45 ttl=53 time=162.594 ms
^C
--- example.org ping statistics ---
46 packets transmitted, 36 packets received, 21.7% packet loss
round-trip min/avg/max/stddev = 118.258/156.360/184.931/19.508 ms

I've ran mtu-test on the client, which gives these results

Empirical MTU test completed [Tried,Actual] local->remote=[1455,1455] remote->local=[1427,1427]

in /etc/sysctl.conf, I've changed these values:

net.inet.udp.recvspace=524288
kern.ipc.shm_use_phys=1
net.inet.tcp.sendspace=524288
net.inet.tcp.recvspace=524288
net.inet.tcp.rfc1323=1
net.inet.tcp.always_keepalive=0
kern.ipc.soacceptqueue=524288

in /boot/loader.conf, these:

kern.maxusers="4096"
vm.vnode_pbufs="10240"
kern.ipc.nmbclusters="5000000"

tia,
--