dnsmasq vs secure NAT

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
KatherineEddie
Posts: 25
Joined: Fri Nov 11, 2022 9:45 am

dnsmasq vs secure NAT

Post by KatherineEddie » Mon Dec 26, 2022 12:01 pm

According to this post
https://blog.lincoln.hk/blog/2013/05/17 ... al-bridge/
he mentions using dnsmasq increases SE server speed.

I have tested this for about two weeks, in two different servers (locations), both with Debian and Ubuntu and their speed were the same.
And not only dnsmasq did not increase the speed but slowed down client IP allocation,

- secure NAT would take 1-2 second (tested with Open SSTP client on Android)
- dnsmasq would take 3-5 second (tested with Open SSTP client on Android)

Now my question is that is there any technical reason/explanation which can prove the SE server built-in secure NAT is slower? or Bridge in Linux is faster?
Regards

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: dnsmasq vs secure NAT

Post by solo » Mon Dec 26, 2022 1:46 pm

KatherineEddie wrote:
Mon Dec 26, 2022 12:01 pm
is there any technical reason/explanation which can prove the SE server built-in secure NAT is slower? or Bridge in Linux is faster?
Yes, quotes from SoftEther docs...

PERFORMANCE
Precautions relating to Performance

By possessing an internal virtual TCP/IP stack, SecureNAT performs the highly advanced process of reassembling the TCP/IP stream packetized once by the TCP/IP stack and further TCP/IP packetizing via the operating system. The overhead resulting from these processes is large, such that throughput via the virtual NAT is considerably decreased when compared to physical maximum throughput, even when using a computer with sufficiently high speed. That is why virtual NAT should not be used for performance-centric applications. As previously stated, virtual NAT is a function which can be used as an alternative when the local bridge function cannot be used for security or technical reasons. Where high-speed methods such as local bridging are available, those methods should be used.
FUNCTIONALITY
The Virtual DHCP Server provides simple DHCP server functions, and does not require System Administrator Authority to operate. The use of authentic UNIX or Windows DHCP server software is recommended where the Virtual DHCP Server functions are insufficient. Please note that there have been reports of a problem for client computers using Windows, wherein the options relating to the default gateway and DNS server received upon the previous assignment from the DHCP server are cached, and when these values are left blank on the subsequent connection, these previous ones are applied. While this appears to be a Windows OS specification, we recommend trying to connect to a separate DHCP server once in an attempt to overcome it.
SCALABILITY
static routing table to push... maximum: 64 entries

KatherineEddie
Posts: 25
Joined: Fri Nov 11, 2022 9:45 am

Re: dnsmasq vs secure NAT

Post by KatherineEddie » Mon Dec 26, 2022 2:36 pm

Thanks , for anyone had this question here is link for that page
https://www.softether.org/index.php?tit ... CP_Servers

Just one question, is this overhead true for any environment e.g VM (virtual machines) or no, just will effect physical machines?

It is strange to me why I did not get a big difference of effects/measures using dnsmasq vs secure NAT.
So I think I have to test it more.

Post Reply