On Thursday 17 June 2010 10:44:59 Sven Eckelmann wrote:
Sounds a little bit like a device is configured wrong. Lets go through the devices:
Laptop:
- WiFi: MTU: 1500
Fonera:
- Incoming (to Laptop) WiFi: MTU 1500
- Outgoing (to Dir300) WiFi: MTU 1530
- Bridge (has bat0 and Incoming WiFi included): MTU 1500
- bat0 (has only Outgoing WiFi included): MTU 1500
Dir300:
- Incoming (to Fonera) WiFi: MTU 1530
- bat0 (only incoming device included): MTU 1500
This should work till Dir300. Now send 1500 Bytes large packets to each interesting partner (fonera, dir300) and check were it drops.
This can be done using `ping -M do -s 1472 $IP`.
If it works till dir300 and drops somewhere in the openvpn/virtual openwrt/internet connection then please check there. If it drops before then please check your configuration (running, not configuration files) and try to summarize those devices as I tried to do above.
How exactly is openvpn your connection to the internet configured? Do they work in an mode which adds extra headers? Do they fragment packets?
Best regards, Sven
Sry this should have been gone to the Batman list, so here it is again:
I did this and everything works fine till I try to connect over the vpn. So the vpn is the problem I think.
Here is some output of what I tried connecting over vpn:
[floh1111@flohdesktop ~]$ ping -M do -s 1467 10.18.1.1 PING 10.18.1.1 (10.18.1.1) 1467(1495) bytes of data. 1475 bytes from 10.18.1.1: icmp_seq=1 ttl=64 time=85.6 ms --> Works fine till package size 1467 or lower ---------- [floh1111@flohdesktop ~]$ ping -M do -s 1468 10.18.1.1 PING 10.18.1.1 (10.18.1.1) 1468(1496) bytes of data. --> Does not work with package size from 1468 to 1472, no error message ---------- [floh1111@flohdesktop ~]$ ping -M do -s 1473 10.18.1.1 PING 10.18.1.1 (10.18.1.1) 1473(1501) bytes of data. From 10.18.0.3 icmp_seq=1 Frag needed and DF set (mtu = 1500) --> Does not work too, but I get an error message trying package size 1473 or higher.
We are using OpenVPN in tap mode. Below is our server config: ---- mode server tls-server
port 1195 proto udp dev tap ca /etc/openvpn/ff/ca.crt cert /etc/openvpn/ff/ffsrv.crt key /etc/openvpn/ff/ffsrv.key # This file should be kept secret dh /etc/openvpn/dh1024.pem client-config-dir ccd client-to-client keepalive 10 120 comp-lzo max-clients 100 persist-key persist-tun status openvpn-status.log verb 3 -----
I don´t know if openvpn is adding some extra headers but maybe you know?
Thanks Clemens