#rantnorant

carstenraddatz@pluspora.com

Aaahhh.. When on the far end of the VPN you finally find that implicit firewall rule, set explicit values you had expected to work all along, and the queue shrinks considerably to 1-digit ms values:

64 bytes from 172.31.23.172: icmp_seq=317 ttl=63 time=139210.712 ms
64 bytes from 172.31.23.172: icmp_seq=318 ttl=63 time=136205.259 ms
64 bytes from 172.31.23.172: icmp_seq=319 ttl=63 time=133203.965 ms
64 bytes from 172.31.23.172: icmp_seq=320 ttl=63 time=130195.195 ms
64 bytes from 172.31.23.172: icmp_seq=321 ttl=63 time=127189.801 ms
64 bytes from 172.31.23.172: icmp_seq=322 ttl=63 time=124183.020 ms
64 bytes from 172.31.23.172: icmp_seq=323 ttl=63 time=121172.942 ms
64 bytes from 172.31.23.172: icmp_seq=324 ttl=63 time=118169.554 ms
64 bytes from 172.31.23.172: icmp_seq=325 ttl=63 time=115162.931 ms
64 bytes from 172.31.23.172: icmp_seq=326 ttl=63 time=112155.307 ms
64 bytes from 172.31.23.172: icmp_seq=330 ttl=63 time=100127.860 ms
64 bytes from 172.31.23.172: icmp_seq=331 ttl=63 time=97118.831 ms
64 bytes from 172.31.23.172: icmp_seq=327 ttl=63 time=109146.510 ms
64 bytes from 172.31.23.172: icmp_seq=328 ttl=63 time=106142.684 ms
64 bytes from 172.31.23.172: icmp_seq=329 ttl=63 time=103136.992 ms
64 bytes from 172.31.23.172: icmp_seq=335 ttl=63 time=85094.500 ms
64 bytes from 172.31.23.172: icmp_seq=332 ttl=63 time=94113.019 ms
64 bytes from 172.31.23.172: icmp_seq=333 ttl=63 time=91108.768 ms
64 bytes from 172.31.23.172: icmp_seq=338 ttl=63 time=76070.821 ms
64 bytes from 172.31.23.172: icmp_seq=334 ttl=63 time=88102.836 ms
64 bytes from 172.31.23.172: icmp_seq=340 ttl=63 time=70061.626 ms
64 bytes from 172.31.23.172: icmp_seq=336 ttl=63 time=82089.941 ms
64 bytes from 172.31.23.172: icmp_seq=337 ttl=63 time=79079.679 ms
64 bytes from 172.31.23.172: icmp_seq=339 ttl=63 time=73070.683 ms
64 bytes from 172.31.23.172: icmp_seq=341 ttl=63 time=67052.864 ms
64 bytes from 172.31.23.172: icmp_seq=343 ttl=63 time=61042.511 ms
64 bytes from 172.31.23.172: icmp_seq=344 ttl=63 time=58035.110 ms
64 bytes from 172.31.23.172: icmp_seq=346 ttl=63 time=52021.461 ms
64 bytes from 172.31.23.172: icmp_seq=342 ttl=63 time=64047.236 ms
64 bytes from 172.31.23.172: icmp_seq=345 ttl=63 time=55025.201 ms
64 bytes from 172.31.23.172: icmp_seq=350 ttl=63 time=39993.187 ms
64 bytes from 172.31.23.172: icmp_seq=347 ttl=63 time=49011.578 ms
64 bytes from 172.31.23.172: icmp_seq=348 ttl=63 time=46005.024 ms
64 bytes from 172.31.23.172: icmp_seq=349 ttl=63 time=43000.849 ms
64 bytes from 172.31.23.172: icmp_seq=351 ttl=63 time=36982.954 ms
64 bytes from 172.31.23.172: icmp_seq=352 ttl=63 time=33976.872 ms
64 bytes from 172.31.23.172: icmp_seq=353 ttl=63 time=30972.581 ms
64 bytes from 172.31.23.172: icmp_seq=354 ttl=63 time=27965.645 ms
64 bytes from 172.31.23.172: icmp_seq=355 ttl=63 time=24963.999 ms
64 bytes from 172.31.23.172: icmp_seq=356 ttl=63 time=21953.839 ms
64 bytes from 172.31.23.172: icmp_seq=357 ttl=63 time=18945.086 ms
64 bytes from 172.31.23.172: icmp_seq=358 ttl=63 time=15937.562 ms
64 bytes from 172.31.23.172: icmp_seq=359 ttl=63 time=12931.082 ms
64 bytes from 172.31.23.172: icmp_seq=360 ttl=63 time=9923.516 ms
64 bytes from 172.31.23.172: icmp_seq=361 ttl=63 time=6913.243 ms
64 bytes from 172.31.23.172: icmp_seq=362 ttl=63 time=3907.083 ms
64 bytes from 172.31.23.172: icmp_seq=363 ttl=63 time=896.924 ms
64 bytes from 172.31.23.172: icmp_seq=364 ttl=63 time=14.899 ms
64 bytes from 172.31.23.172: icmp_seq=365 ttl=63 time=15.041 ms
64 bytes from 172.31.23.172: icmp_seq=366 ttl=63 time=9.784 ms

Then you know what the documentation means by saying “You can use the default, although this is generally not recommended due to unexpected behaviour”.

Need another coffee now.

#pf #tech #vpn #rantnorant #uifail #ux