[Openvpn-users] Re: MTU problem?


  • Subject: [Openvpn-users] Re: MTU problem?
  • From: Jochen Witte <jwitte@xxxxxxxxxxxxx>
  • Date: Sat, 22 Jan 2005 16:58:56 +0100

On Sat, 22 Jan 2005 00:34:50 -0700, James Yonan wrote:

> On Fri, 21 Jan 2005, Jochen Witte wrote:
> 
>> Hello,
>> 
>> I finally managed to set up my VPN between two subnets (see thread "routing
>> forever").
>> 
>> I now upgraded to OpenVPN 2.0 with certificates and server/client mode.
>> OK, I succeeded in setting up the VPN: I can ping from one subnet to the
>> other without problems. However everything else just hangs. From the
>> gateway machines everything works well (e.g. ssh, http, ftp...). Also, I
>> can reach the opposite gw from the subnet with ssh. But NOT: from subnet A
>> to subnet B.
>> With "verb 6" I can see packets with length 84 travelling from one subnet
>> to the other, but nothing happens...
>> 
>> Any hints?
> 
> This sounds like a classic MTU problem.  Try "mssfix 1200" or "mssfix 
> 1300".
> 
I played around with

tun-mtu, tun-mtu-extra, fragment, mssfix

with lots of combinations and different values -- always the same effect.
When I look on the wire with tethereal I get:

internal interface

[root@host root]# tethereal host 10.128.0.10
Capturing on eth0
  0.000000 192.168.0.67 -> 10.128.0.10  TCP 32939 > ssh [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460
  0.101004  10.128.0.10 -> 192.168.0.67 TCP ssh > 32939 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1118
  2.372124  10.128.0.10 -> 192.168.0.67 TCP ssh > 32938 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1118
  2.999637 192.168.0.67 -> 10.128.0.10  TCP 32939 > ssh [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460
  3.097806  10.128.0.10 -> 192.168.0.67 TCP ssh > 32939 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1118
  3.170076  10.128.0.10 -> 192.168.0.67 TCP ssh > 32939 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1118


tun interface

[root@firefly root]# tethereal -i tun0 host 10.128.0.10
tethereal: WARNING: arptype 65534 not supported by libpcap - falling back to cooked socket.
Capturing on tun0
  0.000000 192.168.0.67 -> 10.128.0.10  TCP 32940 > ssh [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460
  0.100753  10.128.0.10 -> 192.168.0.67 TCP ssh > 32940 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1118
  0.149312  10.128.0.10 -> 192.168.0.67 TCP ssh > 32939 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1118
  2.999361 192.168.0.67 -> 10.128.0.10  TCP 32940 > ssh [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460
  3.000710 192.168.0.67 -> 10.128.0.10  TCP 32940 > ssh [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460
  3.003071 192.168.0.67 -> 10.128.0.10  TCP 32940 > ssh [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460


OpenVPN log:


Jan 22 16:30:34 gw2 openvpn[30643]: UDPv4 WRITE [85] to gw1:1194:
   P_DATA_V1 kid=5 DATA len=84 

Jan 22 16:30:34 gw2 openvpn[30643]: UDPv4 READ [85] from gw1:1194:
   P_DATA_V1 kid=5 DATA len=84 


Jan 22 16:30:34 gw2 openvpn[30643]: UDPv4 READ [85] from gw1:1194:
   P_DATA_V1 kid=5 DATA len=84 

Jan 22 16:30:37 gw2 openvpn[30643]: UDPv4 WRITE [85] to gw1:1194:
   P_DATA_V1 kid=5 DATA len=84

Jan 22 16:30:37 gw2 openvpn[30643]: UDPv4 READ [85] from gw1:1194:
   P_DATA_V1 kid=5 DATA len=84


After all, I do not know what to do further. I tried TCP with the same
result. Both machines are Linux.

Jochen
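
An added example, not part of the original message: a short Python script that groups the eth0 capture lines above by TCP flow and counts handshake segments. On this capture it reports only zero-length SYN and SYN-ACK segments being repeated, with no final ACK seen at the capture point; the function name and state labels are this example's own.

```python
import re
from collections import defaultdict

# Packet lines copied from the eth0 capture in the message above.
CAPTURE = """\
  0.000000 192.168.0.67 -> 10.128.0.10  TCP 32939 > ssh [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460
  0.101004  10.128.0.10 -> 192.168.0.67 TCP ssh > 32939 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1118
  2.372124  10.128.0.10 -> 192.168.0.67 TCP ssh > 32938 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1118
  2.999637 192.168.0.67 -> 10.128.0.10  TCP 32939 > ssh [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460
  3.097806  10.128.0.10 -> 192.168.0.67 TCP ssh > 32939 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1118
  3.170076  10.128.0.10 -> 192.168.0.67 TCP ssh > 32939 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1118
"""

PACKET = re.compile(
    r"^\s*\d+\.\d+\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+TCP\s+"
    r"(?P<sport>\S+)\s+>\s+(?P<dport>\S+)\s+\[(?P<flags>[^\]]+)\]\s*(?P<rest>.*)$")

def summarize(capture):
    """Count handshake segments per TCP flow and classify each flow."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "other": 0,
                                 "max_len": 0, "mss": set()})
    for line in capture.splitlines():
        m = PACKET.match(line)
        if not m:
            continue  # banners such as "Capturing on eth0"
        # Direction-independent key: the two (address, port) endpoints, sorted.
        key = tuple(sorted([(m["src"], m["sport"]), (m["dst"], m["dport"])]))
        flags = frozenset(f.strip() for f in m["flags"].split(","))
        fields = dict(f.split("=", 1) for f in m["rest"].split() if "=" in f)
        kind = {frozenset({"SYN"}): "syn",
                frozenset({"SYN", "ACK"}): "synack"}.get(flags, "other")
        flow = flows[key]
        flow[kind] += 1
        flow["max_len"] = max(flow["max_len"], int(fields.get("Len", 0)))
        if "MSS" in fields:
            flow["mss"].add(int(fields["MSS"]))
    for flow in flows.values():
        if flow["other"]:
            flow["state"] = "established"  # something beyond SYN/SYN-ACK was seen
        elif flow["syn"] and flow["synack"]:
            flow["state"] = "stalled"      # both halves visible, no final ACK
        else:
            flow["state"] = "one-way"      # only one direction seen at this tap
    return dict(flows)

if __name__ == "__main__":
    for (a, b), f in summarize(CAPTURE).items():
        print(a, b, f["state"], f"SYN={f['syn']} SYN-ACK={f['synack']}",
              f"max Len={f['max_len']} MSS={sorted(f['mss'])}")
```

Running the same function over the tun0 capture, and over captures taken on the other gateway, shows at which hop each direction of the handshake stops being seen.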


> James