Menu
▾
▴
[Openvpn-users] Tun interface and mtu issues
|
From: Nikita K. <kos...@gm...> - 2010-08-28 19:24:24
|
Hello openvpn/routing experts. Don't know is it right place to post this problem, redirect me if I'm wrong. Setup: openvpn-client --> openvpn-server --> local-net tun0(mtu 1500) tun0(mtu 1300) eth0(mtu1500) eth0(mtu 1500) I set mtu manually on openvpn server by 'ip link set tun0 mtu 1300'. Then I'm trying to ping machines from openvpn-client to local-net with command: ping -M dont -s 1400 192.168.1.1 ^^^^ DF bit is off. And I got 3 pockets: 1 echo request 1+1 fragmented echo reply. Fragmentation was made by openvpn server. This is ok. Than, I changed the command to: ping -M do -s 1400 192.168.1.1 ^^ DF bit is on! And I still got fragmented replies. However, I must got icmp(Frag needed and DF set). Here is tcpdump, captured on openvpn-server tun0: 172.16.0.127 - this is client IP 192.168.1.1 - local-host 21:37:23.279886 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: ICMP (1), length: 1328) 172.16.0.127 > 192.168.1.1: ICMP echo request, id 58964, seq 1, length 1308 21:37:23.280093 IP (tos 0x0, ttl 63, id 8408, offset 0, flags [+], proto: ICMP (1), length: 1300) 192.168.1.1 > 172.16.0.127: ICMP echo reply, id 58964, seq 1, length 1280 21:37:23.280098 IP (tos 0x0, ttl 63, id 8408, offset 1280, flags [none], proto: ICMP (1), length: 48) 192.168.1.1 > 172.16.0.127: icmp Tcpdump captured on openvpn-server eth0: 22:07:40.973671 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto: ICMP (1), length: 1428) 172.16.0.127 > 192.168.1.1: ICMP echo request, id 15958, seq 1, length 1408 22:07:40.973890 IP (tos 0x0, ttl 64, id 8411, offset 0, flags [none], proto: ICMP (1), length: 1428) 192.168.1.1 > 172.16.0.127: ICMP echo reply, id 15958, seq 1, length 1408 Can someone explain me, why tun interface not honor DF flag? Is it expected or it's a bug? For comparison, if I set mtu 1300 on eth0, I got as expected: From 172.16.0.127 icmp_seq=2 Frag needed and DF set (mtu = 1300) Some notes: Openvpn-server OS: Centos 5.5 Openvpn-server kernel: 2.6.18-194.8.1.el5xen x86_64 Openvpn-server version: 2.1.1-1 |
