From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 26 Jun 2022 01:41:50 +0200
Subject: [Openvpn-devel] [PATCH v3 5/5] Change default MTU in server mode to 1420
Message-Id: <20220625234150.3398864-5-arne@rfc2549.org>
In-Reply-To: <20220625234150.3398864-1-arne@rfc2549.org>
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2555

This changes the default MTU of the tun-mtu to 1420 to avoid MTU related issues that are even more prominent when DCO server or clients are involved. To maximise compatibility, we lie about our MTU in the default OCC message and keep it at 1500.

Signed-off-by: Arne Schwabe --- doc/man-sections/vpn-network-options.rst | 17 ++++++++++++----- src/openvpn/options.c | 10 ++++++++++ 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/doc/man-sections/vpn-network-options.rst b/doc/man-sections/vpn-network-options.rst index 9a09aef8b..1dda4912d 100644 --- a/doc/man-sections/vpn-network-options.rst +++ b/doc/man-sections/vpn-network-options.rst @@ -525,11 +525,18 @@ routing. OpenVPN requires that packets on the control and data channels be sent unfragmented. - MTU problems often manifest themselves as connections which hang during - periods of active usage. - - It's best to use the ``--fragment`` and/or ``--mssfix`` options to deal - with MTU sizing issues. + A VPN protocol like OpenVPN adds encapsulation overhead in each packet. If a + VPN packet with the encapsulation becomes larger than the transport network + MTU (typically 1500 or 1492) the packet will become fragmented or completely + dropped. These problems can manifest themselves as connections which hang + during periods of active usage or slower performance. To avoid these problems + it is generally advisable to set the tun MTU small enough to avoid these + problems. The default of 1420 is chosen to be safe with default parameters + and a (transport) network MTU of 1492. + + If lowering the tun MTU to avoid MTU related problems (e.g. when tap is used + and an MTU of 1500 is required), the ``--fragment`` and/or ``--mssfix`` + options can be also used to deal with MTU sizing issues. Note: Depending on the platform, the operating system allows to receive packets larger than ``tun-mtu`` (e.g. Linux and FreeBSD) but other platforms diff --git a/src/openvpn/options.c b/src/openvpn/options.c index f162b0b41..d87c6595c 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
@@ -3032,6 +3032,16 @@ options_postprocess_mutate_ce(struct options *o, struct connection_entry *ce) if (!ce->tun_mtu_defined && !ce->link_mtu_defined) { ce->tun_mtu_defined = true; + if (o->mode == MODE_SERVER && dev != DEV_TYPE_TAP) + { + /* If we are running in P2MP mode we default to a MTU + * that is low enough by default to fit into a 1492 + * MTU UDP IPv6 packet: + * + */ + ce->tun_mtu = frame_calculate_default_mtu(o); + ce->occ_mtu = TUN_MTU_DEFAULT; + } } if ((dev == DEV_TYPE_TAP) && !ce->tun_mtu_extra_defined) {
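
Review bot: In the doc/man-sections/vpn-network-options.rst hunk, the last added paragraph is missing part of its condition: "If lowering the tun MTU to avoid MTU related problems (e.g. when tap is used and an MTU of 1500 is required), ..." has no verb, and the parenthetical describes a case where the MTU cannot be lowered, so it presumably should read "If lowering the tun MTU is not possible". The text also presents 1420 as the default without qualification, while the options.c change applies it only when the mode is MODE_SERVER and the device is not tap; stating that restriction here, and that the OCC message still carries 1500, would keep the man page in line with the code. Minor wording: "to avoid these problems" occurs twice in one sentence, and "can be also used" should be "can also be used".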
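
Review bot: The comment added in options_postprocess_mutate_ce() ends with a colon followed by an empty comment line, so the calculation it announces is missing; either spell out the overhead breakdown that leads to the default or drop the colon. frame_calculate_default_mtu() is not part of this diff, and since it takes the whole options struct its result may depend on the configuration, so it is worth confirming that it yields the 1420 the man page now states. ce->occ_mtu is assigned only in this branch, which raises the question of how an unset occ_mtu is treated in the other cases (non-server mode, tap, or an explicitly configured tun or link MTU); a short note in the comment on that, or an assignment outside the branch, would make the intent clear.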