Hi there,

Recently I notice that when I'm connected to an vpn server (pptpd) and I'm using it as a default gateway my download and upload speed decreases almost to the half of the usual speed. I made a test using iptables in order to count how much GRE packets are generated (except the real traffic itself) in that way:

The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.

When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.

So, my question is first of all is my test correct and is it true that so much gre traffic is being generated during the browsing (it becames clear that the traffic is double than if the pptpd wasn't used as a gateway) and if yes - can that traffic be reduced?

Thanks a lot for the answer!

Kind regards,
Viktor

Is the PoPToP service running on the same box as the firewall?

yes!

Sorry I am taking so long to get back.
I have had this same issue on slackware 10.1 (kernel 2.4.29). Though I did not find the time to diagnose the problem to its fullest, I did work around it by moving the PoPToP service to another box behing the firewall and add a port forwarding rule to the firewall startup script. In trouble shooting the issue as much as I did, I was working on the theory that there is some conflict in the netfilter and mppe portions of the kernel code (in that one runs just fine with out the other). Unfortunately, once the issue was worked around life and work came back into being the priority.