Opened 6 months ago
Last modified 4 months ago
#909 new Bug / Defect
--mtu-disc yes not supported on Linux
| Reported by: | harri | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | Generic / unclassified | Version: | OpenVPN 2.4.3 (Community Ed) |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | mtu |
| Cc: |
Description
If I set "--mtu-test yes" on Linux, then openvpn ignores the man page and claims
{root@cecil:openvpn (master) 530} /usr/sbin/openvpn --cd /etc/openvpn --config client.conf --mtu-disc yes
Sat Jul 1 15:24:46 2017 OpenVPN 2.4.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 30 2017
Sat Jul 1 15:24:46 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Enter Private Key Password: ******
:
Sat Jul 1 15:24:52 2017 --mtu-disc is not supported on this OS
Sat Jul 1 15:24:52 2017 Exiting due to fatal error
{root@cecil:openvpn (master) 531} uname -a
Linux cecil.afaics.de 4.11.8-raw #1 SMP PREEMPT Thu Jun 29 22:46:23 CEST 2017 x86_64 GNU/Linux
Address family is AF_INET.
Change History (8)
comment:1 Changed 6 months ago by tincantech
comment:2 Changed 6 months ago by harri
PS: Of course the title should have been "--mtu-disc yes not supported on Linux", sorry for the typo.
comment:3 Changed 6 months ago by dazo
- Summary changed from --mtu-test yes not supported on Linux to --mtu-disc yes not supported on Linux
I've corrected the title.
comment:4 Changed 6 months ago by ordex
This is happening because openvpn-2.4 implements some kind of "AF family" socket guessing.
Because of this, the attribute used by the mtu-disc logic to understand if the socket is IPv4 or IPv6 is not set (because it is guessed) when it should be.
As a temporary workaround you can explicitly set the socket to be IPv4 or IPv6 by using udp4 or udp6 as protocol specifier in your client configuration.
Fixing the real problem might require some more time.
comment:5 Changed 6 months ago by harri
Does "mtu-disc no" make sense for IPv6 at all? Maybe this option should be silently ignored for IPv6.
comment:6 follow-up: ↓ 7 Changed 4 months ago by MatejKovacic
Hi,
"As a temporary workaround you can explicitly set the socket to be IPv4 or IPv6 by using udp4 or udp6 as protocol specifier in your client configuration."
How to do that?
comment:7 in reply to: ↑ 6 Changed 4 months ago by ordex
Replying to MatejKovacic:
Hi,
"As a temporary workaround you can explicitly set the socket to be IPv4 or IPv6 by using udp4 or udp6 as protocol specifier in your client configuration."
How to do that?
"by using udp4 or udp6 as protocol specifier in your client configuration."
You have an option "proto" in your config and that can be set to "udp4" or "udp6". You can also have a look at the man if you want a deeper explanation.
comment:8 Changed 4 months ago by MatejKovacic
Thank you.
Anyway, I am using TCP, so should say:
proto tcp4
cc