For When You Can't Have The Real Thing
[ start | index | login ]
start > Sun > Sun Ray > Internet-VPN install

Internet-VPN install

Created by dave. Last edited by dave, 19 years and 45 days ago. Viewed 5,322 times. #3
[diff] [history] [edit] [rdf]

Running A Sun Ray Over A VPN


I have a Netopia R910 VPN'd over a cable modem ISP across the arbitrary internet into a 3Com SuperStack3.

The ISC dhcpd is providing the x-display-server option with the IP address of the Sun Ray server at head office; no other special options were initially offered.

The static installation did not work. The result was heavy fragmentation, the screen updating visibly by blocks, and not receiving all blocks. Unusable.

At a suggestion from the WebLog, I changed the dhcp option to supply a MTU of 1266. I also set the MTU of the Sun Ray server to be the same size. Result was the connection icon came up (locked lock with a green check), indicating network tone, but nothing was displayed. I didn't have the smart card with me to see if I could get anything else out of it.

When I went in the next day, the Sun Ray 170 on my desk was unhappy with the change in MTU on the server (my Sun Ray at home is accessing the same network as is hosting the local Sun Rays). Reverting the server's MTU change corrected this.

I have done the ping test from home to the office through the VPN (on windows: ping $ADDRESS -l $SIZE -f) and the largest number I could get through was 1413 bytes.

Update, 22 Jan 2005:
Got it working. I have made these changes:

  • mtu set on the client via the interface-mtu option to 1400
  • mtu set on the server interface to 1400, downed then up-ed the interface, then cold-restarted all sun ray services.
Note that my sources at Sun insist that messing with the server side should not be necessary at all.

I made sure that the Sun Ray was powered off completely when cycling dhcpd. It is almost as if the Sun Ray does not respect changes to options fields even if the assigned lease changes while the system is powered on.

Interestingly the give me a smartcard icon screen is still messed up, but everything else paints reasonably quickly. I would say that a full screen repaint takes less than two seconds. So we will not be watching video over this (or listening to music, for that matter) but it is reasonably usable. It is vastly superior to X applications over the same VPN.

no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful: | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt