[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Windows client, mysterious routes and MTU issues

  • Subject: Re: [Openvpn-users] Windows client, mysterious routes and MTU issues
  • From: Erich Titl <erich.titl@xxxxxxxx>
  • Date: Mon, 06 Feb 2006 14:52:58 +0000
John A. Sullivan III wrote:
..
> 
> <snip>
> The Windows client requests an MSS of 1460:
> Transmission Control Protocol, Src Port: 1349 (1349), Dst Port: 22 (22),
> Seq: 0, Ack: 0, Len: 0
>     Source port: 1349 (1349)
>     Destination port: 22 (22)
>     Sequence number: 0    (relative sequence number)
>     Header length: 28 bytes
>     Flags: 0x0002 (SYN)
>     Window size: 16384
>     Checksum: 0x7b77 [correct]
>     Options: (8 bytes)
>         Maximum segment size: 1460 bytes
>         NOP
>         NOP
>         SACK permitted

OK, this is the syn packet

> 
> Then the OpenVPN server replies saying the MTU is 0:
>     Type: 3 (Destination unreachable)
>     Code: 4 (Fragmentation needed)
>     Checksum: 0x133e [correct]
>     MTU of next hop: 0

This is a bit premature, can you correlate this packet with the previous
TCP request? What are the source and destination addresses for this packet.

> 
> Then destination replies that it wants an MSS of 1368:
> Transmission Control Protocol, Src Port: 22 (22), Dst Port: 1349 (1349),
> Seq: 0, Ack: 1, Len: 0
>     Source port: 22 (22)
>     Destination port: 1349 (1349)
>     Sequence number: 0    (relative sequence number)
>     Acknowledgement number: 1    (relative ack number)
>     Header length: 28 bytes
>     Flags: 0x0012 (SYN, ACK)
>     Window size: 32440
>     Checksum: 0x364d [correct]
>     Options: (8 bytes)
>         Maximum segment size: 1368 bytes
>         NOP
>         NOP
>         SACK permitted

And this baffles me, as it appears to be the correct SynAck Packet for
the TCP request. So my main question is, why do you get a SynAck for a
connection which was rejected beforehand with an ICMP type 3
(destination unreachable) message? For my understanding there is
something amiss here.

> 
> Why am I getting an MTU request of 0 from the OpenVPN server? 1500 byte
> pings pass fine.  I would expect that PMTU-D should work:

Mhhh.... your ICMP messages may not have the DF bit set....

cheers

Erich


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-02/msg00082.html on line 243

Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-02/msg00082.html on line 243