OpenVPN and MTU changes on the ADSL network?

morkhans

morkhans

A MyBroadband
Super Moderator
Joined
Jun 22, 2007
Messages
10,897
Reaction score
474
Location
Cape Town
Our OpenVPN links to clients stopped working today. Symptom is you can login over ssh, but any command that produces a lot of output like a ps causes the session to hang. We had it limited to 1400 and after some testing are now down to 1250. ISP is IS Business ADSL.

We certainly have not changed anything on our or our client sides so I can only imagine it's Telkom or IS.
 
I had to set my PPTP VPN's MTU to 1400, otherwise I'm getting the same problems you're experiencing when I'm connecting to my office which is running on Mweb business uncapped.
Mweb Business ADSL accounts runs a VPN over PPPoE, which is why we have to reduce the MTU from the default 1460 to like 1400.

1250 is quite low.
 
Pada said:
I had to set my PPTP VPN's MTU to 1400, otherwise I'm getting the same problems you're experiencing when I'm connecting to my office which is running on Mweb business uncapped.
Mweb Business ADSL accounts runs a VPN over PPPoE, which is why we have to reduce the MTU from the default 1460 to like 1400.
Click to expand...
Exactly what we needed to do initially with IS.

Pada said:
1250 is quite low.
Click to expand...
Yes, which I why I think someone has changed something significant somewhere.
 
Connecting from adsl to vpn server hosted on diginet line seems to be ok. OpenVPN, commands run fine (ps, ls -l, ssh transfers).
 
morkhans: can you check what the MTU values are of the connections on both sides?

Like I think in my case it would be PPPoE (MTU 1492) and then PPTP VPN (MTU 1460) for Mweb Business via that PPPoE connection.
Then at my home, I have a Mweb consumer uncapped via PPPoE (MTU 1492), with a PPTP VPN (MTU 1400) which connects to the office.
I would probably get away with an MTU of 1428 for my PPTP VPN to the office.
 
Pada said:
morkhans: can you check what the MTU values are of the connections on both sides?

Like I think in my case it would be PPPoE (MTU 1492) and then PPTP VPN (MTU 1460) for Mweb Business via that PPPoE connection.
Then at my home, I have a Mweb consumer uncapped via PPPoE (MTU 1492), with a PPTP VPN (MTU 1400) which connects to the office.
I would probably get away with an MTU of 1428 for my PPTP VPN to the office.
Click to expand...

Our side: IS would be the same as your MWeb setup. Client side is mixed bag of Business ADSL and PPPoE connections. So pretty much same as your setup. Only place were we have forced the MTU is on our OpenVPN server side using mssfix. Interestingly enough the mtu-test suggested an MTU of less than 1398.
 
Hmm, I see that I also have the mssfix going on my MikroTik,
which is adjusting the MSS to 1360 for the PPTP VPN (MTU 1400)
and its changing the MSS to 1420 for the PPTP VPN (MTU 1460)
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X