Thank you for your response. I've investegated a little further, I see the following in /var/log/messages on the l2tp npppd server: l2tpd ctrl=1 timeout waiting ack for hello packets. l2tpd ctrl=1 call=28732 logtype=PPPUnbind
The client reports that the tunnel went down.. does this indidacte an mss/mtu issue? I've tried scrub on pppx and to set mru i npppd.conf ...no luck... 2014-09-14 5:06 GMT+02:00 YASUOKA Masahiko <[email protected]>: > Hi, > > On Sun, 7 Sep 2014 21:00:31 +0200 > Jens Hansen <[email protected]> wrote: > > I can successfully connect to my opensbsd 5.5. isakmpd / npppd IPSEC L2TP > > vpn setup. > > But (not knowing too much about netwoking) i think i'm having a mtu > > problem. I can do low volume traffic fine, but transmitting larger files > > stalls. I've tried as per suggested by others around the web the > > following. > > Added scrub on enc0 with an max mss of the pppx0 mtu. > > "scrub" should be used for the VPN tunnel internal packets. They pass > through on pppx0, pppx1,...pppxN. (pppx creates a new clone for each > VPN session.) "pppx" interface group should be used. > > match on pppx scrub ( max-mss 1410 ) > > > Tried with and without tcp-mss-adjust set to yes in npppd.conf. > > At first, I think you should set "mru" not to fragment L2TP/IPsec > packets on your network and it also is used to fragment properly for > the packets inside the VPN links. Also "tcp-mss-adjust yes" may be > useful if you want to avoid the PMTU-D blackhole problem. > > --yasuoka
