Netgate Discussion Forum

    I see some : openvpn 95093 TCP/UDP packet too large on write - Should i be worried ?

    • bingo600B
      bingo600
      last edited by bingo600

      One of my OpenVPN Server daemons has begun logging the below

      Oct 13 11:04:09 	openvpn 	95093 	TCP/UDP packet too large on write to [AF_INET]112.121.x.x:44795 (tried=1572,max=1570)
      Oct 13 11:04:09 	openvpn 	95093 	TCP/UDP packet too large on write to [AF_INET]112.121.x.x:44795 (tried=1572,max=1570)
      Oct 13 11:04:05 	openvpn 	95093 	TCP/UDP packet too large on write to [AF_INET]112.121.x.x:44795 (tried=1572,max=1570)
      Oct 13 11:04:05 	openvpn 	95093 	TCP/UDP packet too large on write to [AF_INET]112.121.x.x:44795 (tried=1572,max=1570)
      Oct 13 11:04:01 	openvpn 	95093 	TCP/UDP packet too large on write to [AF_INET]112.121.x.x:44795 (tried=1572,max=1570)
      Oct 13 11:04:01 	openvpn 	95093 	TCP/UDP packet too large on write to [AF_INET]112.121.x.x:44795 (tried=1572,max=1570)
      Oct 13 11:03:57 	openvpn 	95093 	TCP/UDP packet too large on write to [AF_INET]112.121.x.x:44795 (tried=1572,max=1570)
      Oct 13 11:03:57 	openvpn 	95093 	TCP/UDP packet too large on write to [AF_INET]112.121.x.x:44795 (tried=1572,max=1570) 
      
      

      They come in bursts of 5..7 lines , and a bit random , 2..3 times a minute.
      Is that just an info , or am i actually dropping data ?

      How do i trace what would be generating this (besides tcpdump/wireshark) ?
      Would a MAX MTU on the OVPN interface cure it ?

      I see no errors on the Client side (a pfSense 2.4.4-p3)
      /Bingo

      If you find my answer useful - Please give the post a 👍 - "thumbs up"

      pfSense+ 23.05.1 (ZFS)

      QOTOM-Q355G4 Quad Lan.
      CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
      LAN  : 4 x Intel 211, Disk  : 240G SAMSUNG MZ7L3240HCHQ SSD

      • kiokomanK
        kiokoman LAYER 8
        last edited by kiokoman

        mtu issue, packets are dropped
        try with

        fragment 1450;
        mssfix 1450;
        

        custom option of openvpn

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        • bingo600B
          bingo600 @kiokoman
          last edited by

          @kiokoman

          Thanx

          Is that on/in the VPN server definitions ?
          Do i set it on the Client side too , even if i don't see any issues there ?

          /Bingo

          • A
            akuma1x @bingo600
            last edited by akuma1x

            @bingo600 That's the very first box under the Advanced Configuration of the pfsense OpenVPN server settings. You've got to either copy and paste it in there, or type it by hand.

            Don't know if the client has to be set too, however.

            • kiokomanK
              kiokoman LAYER 8
              last edited by kiokoman

              i have it on both side on my site to site i think.. let me check what i have..

              yes, it's mandatory to have the same settings on both side or you get this error
              FRAG_IN error flags=0x2a187bf3: FRAG_TEST not implemented

              • bingo600B
                bingo600 @kiokoman
                last edited by

                @kiokoman

                Thank you for the excellent support

                Much appreciated

                /Bingo

                • bingo600B
                  bingo600
                  last edited by

                  Just tried on two test firewalls.

                  Hint: Apply on client first , then on server.

                  1:
                  I applied the fix on the client , then the server , client disconnected then reconnected and came up.

                  2:
                  I applied the fix on server , then client disconnected and was "lost"
                  I saw these on the server

                   Oct 14 08:43:01 	openvpn 	10921 	FRAG_IN error flags=0xfb00001d: bad fragment size
                  Oct 14 08:43:00 	openvpn 	10921 	FRAG_IN error flags=0xfb00001d: bad fragment size 
                  

                  Came up after i did a HTTPS to Outside , and applied the client fix.

                  I'd recommend to have a HTTPS access to the "Outside ip" (NON VPN based) , just in case ...
                  Or you prob could remove the server fix , and do it in reverse order.

                  /Bingo

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
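
As an added example (not code from any poster in this thread, nor from pfSense or OpenVPN), this Python script tallies the two log messages quoted above: oversize writes per daemon PID and peer, and FRAG_IN errors per daemon PID, which shows which peer triggers the drops without a packet capture. The sample log is constructed in the quoted format, and the peer address 192.0.2.10 is a placeholder.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log lines quoted in the thread
# (timestamp, daemon, PID, message); the peer address is a documentation IP.
SAMPLE_LOG = """\
Oct 13 11:04:09 openvpn 95093 TCP/UDP packet too large on write to [AF_INET]192.0.2.10:44795 (tried=1572,max=1570)
Oct 13 11:04:09 openvpn 95093 TCP/UDP packet too large on write to [AF_INET]192.0.2.10:44795 (tried=1572,max=1570)
Oct 13 11:04:05 openvpn 95093 TCP/UDP packet too large on write to [AF_INET]192.0.2.10:44795 (tried=1572,max=1570)
Oct 14 08:43:01 openvpn 10921 FRAG_IN error flags=0xfb00001d: bad fragment size
Oct 14 08:43:00 openvpn 10921 FRAG_IN error flags=0xfb00001d: bad fragment size
Oct 14 08:44:10 openvpn 10921 Initialization Sequence Completed
"""

TOO_LARGE = re.compile(
    r"openvpn\s+(?P<pid>\d+)\s+TCP/UDP packet too large on write to "
    r"\[AF_INET6?\](?P<peer>\S+):\d+ \(tried=(?P<tried>\d+),max=(?P<max>\d+)\)")
FRAG_IN = re.compile(r"openvpn\s+(?P<pid>\d+)\s+FRAG_IN error flags=\S+ (?P<why>.+)")


def summarise(log_text):
    """Return (oversize, frag): oversize stats per (pid, peer), FRAG_IN reasons per pid."""
    oversize = defaultdict(lambda: {"count": 0, "worst_overshoot": 0})
    frag = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = TOO_LARGE.search(line)
        if m:
            entry = oversize[(m["pid"], m["peer"])]
            entry["count"] += 1
            # Overshoot = bytes by which the attempted write exceeded the limit.
            entry["worst_overshoot"] = max(entry["worst_overshoot"],
                                           int(m["tried"]) - int(m["max"]))
            continue
        m = FRAG_IN.search(line)
        if m:
            frag[m["pid"]][m["why"].strip()] += 1
    return dict(oversize), {pid: dict(r) for pid, r in frag.items()}


if __name__ == "__main__":
    oversize, frag = summarise(SAMPLE_LOG)
    for (pid, peer), s in oversize.items():
        print(f"pid {pid} peer {peer}: {s['count']} oversize writes, "
              f"up to {s['worst_overshoot']} bytes over max")
    for pid, reasons in frag.items():
        for why, n in reasons.items():
            print(f"pid {pid}: {n} x FRAG_IN ({why}); compare fragment settings on both ends")
```
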