 From:  Ståle Johnsen <stale dot johnsen at smartit dot no>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  MTU problems
 Date:  Wed, 23 Dec 2009 08:39:12 +0100 (CET)
We have a customer using m0n0wall as a firewall with a bridged Thomson SpeedTouch DSL modem. The
customer is using an OpenVPN client on a computer behind the firewall, which connects to our OpenVPN
server in our datacenter. The customer experiences timeouts when running applications over the VPN
tunnel. I have done some ping tests over time, and there has been a variable, large amount of packet
loss over the tunnel.

The customer is not experiencing instability with normal internet surfing etc. I have noticed that
the OpenVPN client and server are using an MTU of 1500 bytes, but when I ping our datacenter gateway
I can only get 1472 bytes through from the customer's network.

I did some further tests with openvpn's mtu-test option. This is the result BEHIND m0n0wall: 
Tue Dec 22 10:10:39 2009 us=93000 NOTE: Empirical MTU test completed [Tried,Actual]
local->remote=[1541,1437] remote->local=[1541,1437] 
Tue Dec 22 10:10:39 2009 us=93000 NOTE: This connection is unable to accomodate a UDP packet size of
1541. Consider using --fragment or --mssfix options as a workaround. 

This is the result without the m0n0wall, with a computer connected directly to the DSL modem:
Tue Dec 22 09:41:51 2009 us=734000 NOTE: Empirical MTU test completed [Tried,Actual]
local->remote=[1541,1541] remote->local=[1541,1541] 

Does anyone know if this is related to the problems our customer is experiencing? The customer also
got a new bridged DSL modem a couple of weeks ago. Could it be the combination of m0n0wall and the
new modem that is causing the problem?

The m0n0wall has a very standard configuration with a blank MTU field, block all incoming, no NAT.
Any other tips/help is much appreciated! 

Stale Johnsen