[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Exchange over OpenVPN giving General Failure code=31


  • Subject: Re: [Openvpn-users] Exchange over OpenVPN giving General Failure code=31
  • From: "Paul Goodyear" <pgudge@xxxxxxxxx>
  • Date: Sun, 3 Feb 2008 14:23:03 +0000
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=SSXg1EYGl/dx5Q7HOreAHJxaVWISINg7kFp540TO8lo=; b=mCr7ISHF05NnX4LrcvIsJYRzuK0g1eXJZL9dj1TAex6w9OhHea81cIVbZ6qtJhwxbfHtmE0SDjj+CZUapdVNyxkOLcJz0tM8totWRHTyRi81JFnEPjaGTTkcSeOzoKzDQKur5sHKQr9K/mel13nJgXlp1zWOzLcXTwbNPDLs2s8=

Thanks James, however, I have not altered anything in the config file
other than the pkcs12 filename.

I changed the OpenVPN config to look like this

tun-mtu 1500
mssfix 1500

and also in the OpenVPN OpenVPN server settings I changed the MTU to
1500 and Outlook works perfectly, thanks.

I think the mtu was not the default as the configs were produced by
the OpenVPN server and that has the MTU=1400.

Thanks for your help James.

PaulG.

On Feb 2, 2008 8:29 PM, James Yonan <jim@xxxxxxxxx> wrote:
>
> Paul Goodyear wrote:
> > HI,
> >
> > I have OpenVPN and OpenVPN GUI running on a XP machine.
> >
> > OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
> > OpenVPN GUI v1.0.3
> >
> > Everything appears to be fine, I can connect and use the company chat
> > server, transfer files from the servers, connect and use the internal
> > PBX. The only issue I am having is connecting to the Exchange server.
> >
> > As soon as Outlook starts I get a few "More data is available
> > (code=234)" messages and a few General failure
> > (ERROR_GEN_FAILURE)(code=31) errors.
> >
> > I have no firewalls in places, everything is open and standard.
> >
> > OpenVPN client config looks like this:
> >
> > #############################################
> > #OpenVPN Server conf
> > tls-client
> > client
> > dev tun
> > proto udp
> > tun-mtu 1400
> > remote (RED INTERFACE ON IPCOP) 1194
> > pkcs12 MyPKCSFile.p12
> > cipher BF-CBC
> > verb 3
> > ns-cert-type server
> >
> > The log looks like this:
> >
> > ############################################
> > Sat Feb 02 14:41:35 2008 read from TUN/TAP  [State=AT?c
> > Err=[c:\src\21\tap-win32\tapdrvr.c/2405] #O=4 Tx=[18733,0,0]
> > Rx=[15949,0,0] IrpQ=[0,1,16] PktQ=[0,24,64]]: More data is available.
> >  (code=234)
> > Sat Feb 02 14:41:35 2008 read from TUN/TAP  [State=AT?c
> > Err=[c:\src\21\tap-win32\tapdrvr.c/2405] #O=4 Tx=[18739,0,0]
> > Rx=[15953,0,0] IrpQ=[0,1,16] PktQ=[0,24,64]]: General failure
> > (ERROR_GEN_FAILURE) (code=31)
> >
> I see the problem.   You are setting tun-mtu to 1400.  You should leave
> this setting at the default value and use mssfix instead as an MTU limiter.
>
> What is occurring is that the TUN/TAP driver is getting packets > 1400
> bytes from the virtual network interface, and is then realizing that
> OpenVPN (running in user space) has only provided a 1400 byte buffer to
> return the packet.  So the TUN tap driver is erring over the attempted
> buffer overflow.
>
> James
>
>