Menu
▾
▴
Re: [Openvpn-users] Tun interface and mtu issues
|
From: Nikita K. <kos...@gm...> - 2010-08-29 14:18:57
|
On Sun, 29 Aug 2010 12:04:34 +0100 Timothy Baldwin wrote: Thanks for reply, Timothy > In message <20100828222407.388b1242@jimbo>, Nikita Koshikov > <kos...@gm...> wrote: > > > Setup: > > > > openvpn-client --> openvpn-server --> local-net > > tun0(mtu 1500) tun0(mtu 1300) eth0(mtu1500) > > eth0(mtu 1500) > > > > I set mtu manually on openvpn server by 'ip link set tun0 mtu 1300'. > > MTU = Maximum Transmission Unit > > > Then I'm trying to ping machines from openvpn-client to local-net with > > command: > > > ping -M do -s 1400 192.168.1.1 > > ^^ > > DF bit is on! > > And I still got fragmented replies. However, I must got icmp(Frag needed > > and DF set). > > It's working as it should, your ICMP echo request packets are not being > affected by the MTU setting on tun0 on openvpn-server, as they are not being > transmitted on that interface, they are received on it. > Quick testing on ethernet environment: Client --> Server eth0 eth0 mtu 1500 mtu 1300 Pings with packet size 1400. From client machines packets sending, but they don't appear on destination wire. I use tcpdump to check this. Also, I have tried with 2 real servers, different OS-es - both behave the same(packets not appear) and with one virtual machine - it acts like openvpn-server in 1 post(1 echo request and 2 fragmented replies). Between client and server few 3Com switches. Can someone test such scheme on your side ? > > > > 22:07:40.973890 IP (tos 0x0, ttl 64, id 8411, offset 0, flags [none], > > proto: ICMP (1), length: 1428) 192.168.1.1 > 172.16.0.127: ICMP echo > > reply, id 15958, seq 1, length 1408 > > > > Can someone explain me, why tun interface not honor DF flag? Is it > > expected or it's a bug? > > It's not set on the ICMP echo replies. > > > > ------------------------------------------------------------------------------ > Sell apps to millions through the Intel(R) Atom(Tm) Developer Program > Be part of this innovative community and reach millions of netbook users > worldwide. Take advantage of special opportunities to increase revenue and > speed time-to-market. Join now, and jumpstart your future. > http://p.sf.net/sfu/intel-atom-d2d > _______________________________________________ > Openvpn-users mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openvpn-users |
