MTU issue with OpenVPN (and maybe SSH)
-
System: New install of 1.2.1 rc1 (Aug 12 build, SMP kernel)
I've configured OpenVPN server, copying straight from a functioning config on 1.2 (PKI, 2k key, 256 aes, lzo).
On connecting remotely I get an IP and all looks fine. But transfer is very slow, if a page loads it does so at about 20bytes/sec down a line that should have a few hundred kilobits spare. Many errors and reconnects…The server log shows:
WARNING: 'link-mtu' is used inconsistently,
local='link-mtu 1560', remote='link-mtu 1559'It also shows some LZO errors which may relate to the missing ends of some packets (I'm guessing).
ifconfig shows all interfaces have MTU=1500 (default), so the 60 extra bytes above may be producing oversized packets?I've not set "link-mtu" in the config but it gave me the idea to try. If I do add this to the "custom options" pane:
link-mtu 1500;
and the same to my client config I get a better line
NB. The manual warns against setting this unless you know what you're doing…which I don't.On a similar note I tried to connect in down a temporary SSH channel. This produced similarly slow connection. Transfers would often stop at 1.4k downloaded. This made me think of the MTU and packet size issue again.
This may relate to the other "SSH broken" thread recently posted.Sorry more symptoms than fixes. Any ideas?
Nick.
-
See http://forum.pfsense.org/index.php/topic,10915.0.html
Probably the same issue. Nick.