A 16KB frame from where? If it is coming from the Internet then you need to check it again as that isn't usually possible. Jumbo frames are usually restricted to your local network only as virtually all routers on the internet have a maximum MTU of 1500. Your speedtest-cli log shows you're on Virgin Media and their Superhub doesn't support jumbo frames.
The Ethernet MAC inside the Pi 4 SoC does support jumbo frames but the driver doesn't support anything > 1500. Anything over 1500 bytes is considered a jumbo frame BTW. An Ethernet controller will just drop the frame if it sees one that is too long. It doesn't send anything back.TheRocketSurgeon wrote: ↑Wed Sep 11, 2019 10:05 amI read somewhere that the driver for the 4 NIC doesn't support jumbo frames, and whilst this isn't about jumbo frames, it's still larger packets in other ways.... why wouldn't the pi just sling them back through? Or does this look likely to be irrelevant?
That's as about as good as you can get with OpenVPN on the Pi. In my tests on a point to point GbE connection the Pi CPU pegged at 112mpbs with iperf over OpenVPN with AES-128.
I read it right, the point was that about 100mpbs is the most you will ever get out of OpenVPN on a Pi4 with most reasonable ciphers.
Words have a meaning and the definition of routing is not a matter of opinion. As an engineer (...), you should know that.
The rule does exactly what he wants. The other machines on the net have the pi set as their default gateway, the Pi then forwards their traffic to the border gateway, which happens to be on the same subnet.
I've picked up a 2nd nic now, but for various reasons not successfully been able to try it out (e.g the poxy ISP router won't actually change over into modem mode...) I'll hopefully get this tried out this evening though.jerrm wrote: ↑Sat Sep 14, 2019 6:26 pmThe rule does exactly what he wants. The other machines on the net have the pi set as their default gateway, the Pi then forwards their traffic to the border gateway, which happens to be on the same subnet.
Nonsensical for everyday usage, but the ultimate goal is the Pi as a VPN server, and there may be times you want data to flow if the VPN is down.
Not commenting on the overall design, but the no reason it should have the kind of performance hit he sees.
I'm happy to let the OP do the testing, but curious to see the results.