On 2023-07-24 13:23 tincantech wrote:
> If your PMTU is changing "on a daily basis" then you should probably
> report that as a fault to your Internet Service Provider(s).
Forget what I've written before: I did many more tests and apparently
my connection(s)' MTU is not changing but something else is going on
with openvpn.
From the server:
# traceroute --mtu 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 65000 byte packets
1 16.806 ms F=1492 16.665 ms 16.546 ms
2 16.304 ms 16.381 ms 16.289 ms
3 16.488 ms 16.550 ms 16.091 ms
4 17.593 ms 16.074 ms 16.125 ms
5 17.159 ms 74.125.245.241 (74.125.245.241) 17.205 ms 17.850 ms
6 16.904 ms 142.250.211.23 (142.250.211.23) 16.462 ms
142.251.235.175 (142.251.235.175) 16.407 ms
7 dns.google (8.8.8.8) 16.685 ms 16.334 ms 16.434 ms
The server has an MTU of 1492 and I can confirm it with the following:
ping -M do -s 1464 -c 1 8.8.8.8 //OK
1464 + 28 (20 bytes for the IPv4 header and 8 bytes for the ICMP header)
= 1492
My primary Tiscali connection which I use for the client has an MTU of
1460:
ping -M do -s 1432 -c 1 8.8.8.8 //OK
(1432+28=1460)
If I connect with the Tiscali client and try to ping over the tunnel I
get to an MTU of 1394 for the tunnel:
ping -M do -s 1366 -c 1 192.168.2.1 //OK
(1366+28=1394)
So I guess that the encryption overhead accounts for 66 bytes
(1460-1394=66).
The Tiscali connection (which is a 200Mbps/20Mbps FTTC) is weird in my
opinion, because the PPPoE header should be 8 bytes and that should
translate to a 1492 MTU, not 1460.
Also apparently a traceroute --mtu suggests 1492 as well, but there are
only asterisks which is even weirder:
# traceroute --mtu 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 65000 byte packets
1 _gateway (192.168.1.1) 1.219 ms F=1500 0.876 ms 0.986 ms
2 * F=1492 * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
[...]
So I decided to try connecting to my openvpn server from an Iliad
hotspot, which under normal circumstances has an MTU of 1420:
# traceroute --mtu 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 65000 byte packets
1 _gateway (192.168.61.7) 2.465 ms F=1500 2.290 ms 2.329 ms
2 * F=1420 * *
3 * 192.168.3.14 (192.168.3.14) 87.831 ms 56.965 ms
4 192.168.255.3 (192.168.255.3) 55.863 ms 55.182 ms 54.250 ms
5 66.312 ms 64.891 ms 63.330 ms
6 54.089 ms 51.763 ms *
7 64.521 ms 71.594 ms 59.795 ms
8 54.797 ms 71.373 ms 69.394 ms
9 * * *
10 dns.google (8.8.8.8) 68.258 ms 69.061 ms 142.250.211.30
(142.250.211.30) 64.794 ms
ping -M do -s 1392 -c 1 8.8.8.8 //OK
(1392+28=1420)
Traceroute seems to work via the Iliad connection.
Which payload size would you expect me to be able to ping over the
openvpn tunnel?
If you guessed 1392-66=1326 you would be wrong. I can get up to the full
1500 MTU:
ping -M do -s 1472 -c 1 192.168.2.1 //OK
(1472+28=1500)
This is WITHOUT fragment being set. In fact I use the very config I
previously used with the Tiscali connection on the same laptop.
I've double checked switching between Tiscali and Iliad multiple times.
What's happening? Is fragment being silently enabled? Why only on the
Iliad connection? Traceroute somehow not working on Tiscali might be at
play here.
Niccolo'
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
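
The manual probing in the message above (raising `-s` until `ping -M do` fails, then adding 28) can be automated with a binary search. This is an added example, not part of the original message; it assumes Linux iputils ping, and the function names and the `PROBE_HOST` variable are made up for illustration.

```shell
#!/bin/sh
# Added example: binary-search the largest ICMP payload that passes with DF set.
# Assumes Linux iputils ping (the -M do / -s / -c flags used in the message).

IP_ICMP_OVERHEAD=28   # 20-byte IPv4 header + 8-byte ICMP header

# Default probe: one DF-flagged echo request of the given payload size.
# PROBE_HOST is a variable introduced for this example.
# A single lost reply is indistinguishable from "too big" here.
ping_probe() {
    ping -M do -s "$1" -c 1 -W 2 "$PROBE_HOST" >/dev/null 2>&1
}

# max_df_payload PROBE LO HI
# Prints the largest size in [LO, HI] for which "PROBE size" succeeds,
# or returns 1 if even LO fails. Assumes success is monotonic in size.
max_df_payload() {
    probe=$1 lo=$2 hi=$3
    "$probe" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# path_mtu PROBE: payload limit plus the IPv4 + ICMP headers.
# 1472 is the upper bound because 1472 + 28 = 1500.
path_mtu() {
    payload=$(max_df_payload "$1" 0 1472) || return 1
    echo $(( payload + IP_ICMP_OVERHEAD ))
}

# Usage: sh pmtu.sh 8.8.8.8        (direct path)
#        sh pmtu.sh 192.168.2.1    (through the tunnel)
if [ "$#" -eq 1 ]; then
    PROBE_HOST=$1
    path_mtu ping_probe || { echo "no reply from $PROBE_HOST" >&2; exit 1; }
fi
```

Running it once against the public address and once against the tunnel endpoint gives the two figures whose difference the message treats as the encapsulation overhead.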