Opened 4 years ago
Last modified 4 years ago
#909 new Bug / Defect
--mtu-disc yes not supported on Linux
| Reported by: | harri | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | Generic / unclassified | Version: | OpenVPN 2.4.3 (Community Ed) |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | mtu |
| Cc: |
Description
If I set "--mtu-test yes" on Linux, then openvpn ignores the man page and claims
{root@cecil:openvpn (master) 530} /usr/sbin/openvpn --cd /etc/openvpn --config client.conf --mtu-disc yes
Sat Jul 1 15:24:46 2017 OpenVPN 2.4.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 30 2017
Sat Jul 1 15:24:46 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Enter Private Key Password: ******
:
Sat Jul 1 15:24:52 2017 --mtu-disc is not supported on this OS
Sat Jul 1 15:24:52 2017 Exiting due to fatal error
{root@cecil:openvpn (master) 531} uname -a
Linux cecil.afaics.de 4.11.8-raw #1 SMP PREEMPT Thu Jun 29 22:46:23 CEST 2017 x86_64 GNU/Linux
Address family is AF_INET.
Change History (8)
comment:1 Changed 4 years ago by
comment:2 Changed 4 years ago by
PS: Of course the title should have been "--mtu-disc yes not supported on Linux", sorry for the typo.
comment:3 Changed 4 years ago by
| Summary: | --mtu-test yes not supported on Linux → --mtu-disc yes not supported on Linux |
|---|
I've corrected the title.
comment:4 Changed 4 years ago by
This is happening because openvpn-2.4 implements some kind of "AF family" socket guessing.
Because of this, the attribute used by the mtu-disc logic to understand if the socket is IPv4 or IPv6 is not set (because it is guessed) when it should be.
As a temporary workaround you can explicitly set the socket to be IPv4 or IPv6 by using udp4 or udp6 as protocol specifier in your client configuration.
Fixing the real problem might require some more time.
comment:5 Changed 4 years ago by
Does "mtu-disc no" make sense for IPv6 at all? Maybe this option should be silently ignored for IPv6.
comment:6 follow-up: 7 Changed 4 years ago by
Hi,
"As a temporary workaround you can explicitly set the socket to be IPv4 or IPv6 by using udp4 or udp6 as protocol specifier in your client configuration."
How to do that?
comment:7 Changed 4 years ago by
Replying to MatejKovacic:
Hi,
"As a temporary workaround you can explicitly set the socket to be IPv4 or IPv6 by using udp4 or udp6 as protocol specifier in your client configuration."
How to do that?
"by using udp4 or udp6 as protocol specifier in your client configuration."
You have an option "proto" in your config and that can be set to "udp4" or "udp6". You can also have a look at the man if you want a deeper explanation.
cc