[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] bug report + Link MTU - openvpn sending too large frames?


  • Subject: [Openvpn-users] bug report + Link MTU - openvpn sending too large frames?
  • From: Mike Ireton <mike-openvpn@xxxxxxxxxxxxxxxxxx>
  • Date: Fri, 7 Jan 2005 05:42:50 +0000 (UTC)

I'm using OpenVPN (tls server mode, 2.0_rc6), on my wireless network to tunnel
layer2 and it's a great help. One problem I've noticed however has to do with
fragementation - it appears that openvpn is trying to send frames that are too
big - up to 1509 bytes in fact - and this is causing excess fragementation on
the endpoints which in turn means that sometimes, these large packets can be
reconstructed, leading to some (minor) packet loss and general ineffeciancies.
This also seems to cause some errors which openvpn notes in the logs. Here's
some tcpdump output:

21:18:59.916433 x.x.x0.39.5000 > x.x.x1.52.1048:  udp 1509 (frag 41382:1480@0+)
21:18:59.921593 x.x.x0.39.5000 > x.x.x1.52.1048:  udp 1509 (frag 41383:1480@0+)
21:18:59.976583 x.x.x0.39.5000 > x.x.x1.52.1048:  udp 1509 (frag 41384:1480@0+)
21:18:59.981257 x.x.x0.39.5000 > x.x.x1.52.1048:  udp 1509 (frag 41385:1480@0+)
21:18:59.988882 x.x.x0.39.5000 > x.x.x1.52.1048:  udp 1509 (frag 41386:1480@0+)
21:19:00.034423 x.x.x0.39.5000 > x.x.x1.52.1048:  udp 1509 (frag 41387:1480@0+)
21:19:13.101311 x.x.x0.39.5000 > x.x.x0.203.1026:  udp 1485 (frag 3973:1480@0+)
21:19:13.164115 x.x.x0.203.1026 > x.x.x0.39.5000:  udp 1485 (frag 42823:1480@0+
21:19:22.646307 x.x.x0.39.5000 > x.x.x1.52.1048:  udp 1509 (frag 41388:1480@0+)
21:19:22.925918 x.x.x0.39.5000 > x.x.x1.52.1048:  udp 1509 (frag 41389:1480@0+)
21:19:22.955140 x.x.x0.39.5000 > x.x.x1.52.1048:  udp 1509 (frag 41390:1480@0+)
21:19:22.956032 x.x.x0.39.5000 > x.x.x1.52.1048:  udp 1509 (frag 41391:1480@0+)
21:19:23.001567 x.x.x0.39.5000 > x.x.x1.52.1048:  udp 1509 (frag 41392:1480@0+)
21:19:23.256498 x.x.x0.39.5000 > x.x.x1.52.1048:  udp 1509 (frag 41393:1480@0+)
21:19:23.289358 x.x.x0.39.5000 > x.x.x1.52.1048:  udp 1509 (frag 41394:1480@0+)
21:19:23.343334 x.x.x1.52.1048 > x.x.x0.39.5000:  udp 1509 (frag 58266:1480@0+)

ALSO, openvpn will log messages like "read UDPv4 [EHOSTUNREACH]: No route to
host (code=113)". but this is in response to icmp messages 'ip reassembly time
exceeded'. I know this because I did tcpdump and tail -f my syslog on the same
machine and noted this (note the times match):

(from syslog)
Jan  6 22:37:45 l2server daemon.err openvpn[16622]: read UDPv4
[EHOSTUNREACH]: No route to host (code=113)
Jan  6 22:37:55 l2server daemon.err openvpn[16622]: read UDPv4
[EHOSTUNREACH]: No route to host (code=113)

(from tcpdump)
22:37:45.830753 IP x.x.x.203 > x.x.x.39: icmp 556: ip reassembly
time exceeded
22:37:55.133030 IP x.x.x.203 > x.x.x.39: icmp 556: ip reassembly
time exceeded

This had been bugging me for a long time.


Also - why when I use the mtu-test option do I get these strange results?

Jan  6 21:06:02 tower3 daemon.notice openvpn[18846]: NOTE: Empirical MTU test
completed [Tried,Actual] local->remote=[1605,1605] remote->local=[1605,1605]


Thanks...




-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users