retitle #867113 does not start if link-mtu is too low
severity #867113 normal
thanks

On Tue, Jul 04, 2017 at 08:35:43PM +0200, Bernhard Schmidt wrote:
> a) link-mtu 1400 results in tun0 mtu 1278, which is below the minimum
> IPv6 MTU of 1280 Bytes. The kernel will refuse to set an IPv6 address on
> that sort of interface, as demonstrated here
> 
> # ip link add link enp0s31f6 testvlan mtu 1278 type vlan id 123
> # ip link set testvlan up
> # ip addr add 2001:db8::1/64 dev testvlan
> RTNETLINK answers: No buffer space available
> # ip link set testvlan mtu 1280
> # ip addr add 2001:db8::1/64 dev testvlan
> #
> 
> Possibly upstream has changed the overhead calculation.

Agreed.

> Please also note the WARNING about mssfix/fragment/tun-mtu above. The
> manpage says
> 
>        --link-mtu n
>               Sets an upper bound on the size of UDP packets which
>               are  sent  between  OpenVPN peers.  It's best not to
>               set this  parameter  unless  you  know  what  you're
>               doing.
> 
> and suggests the fragment and/or mssfix parameters to resolve MTU
> issues. I haven't ever used either in my configurations.

That configuration option was introduced ages ago in tight collaboration
with Gert and you to fix an issue where my OpenVPN would alternately
send an MTU-sized and one tiny fragment to transport a TCP stream,
resulting in catastrophic performance.

In the past, I was reluctant to fiddle with server configuration since
one has to keep client configuration in sync manually, which is a pain
if you have clients that you can't ssh into without a functioning
OpenVPN link. I currently only have clients that I _can_ reach even if
OpenVPN is down, so the hurdle to a server configuration change has
become significantly lower. I am open to suggestions (on IRC, if you
want to) how to do things better in a setup with a 2.4 server and 2.3.4
clients.

> Can you try again with both versions and dump the full loglines from the
> Journal starting at the OpenVPN version string as shown above? Maybe
> there is something else different, since you did not show the Jessie
> startup or the startup from link-mtu 1402 it is hard to tell.

That being said, OpenVPN 2.4 starts fine with link-mtu 1402. I don't
know what got me the impression of the opposite. So your diagnosis of
the issue being an MTU issue was correct in the first place. I apologize
for any inconvenience this may have caused.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
