Opened 6 weeks ago

Closed 5 weeks ago

#5718 closed (fixed)

openvpn: --mtu-disc is not supported on this OS

Reported by: Mile-Lile Owned by:
Keywords: Cc:

Description

I upgraded to latest public r31277 (without reset) and suddenly working ovpn server configuration stopped working... this is my log:

Feb 08 07:37:45 178.222.74.194 openvpn:  TCP connection established with [AF_INET]213.137.102.194:33188 
Feb 08 07:37:45 178.222.74.194 openvpn:  --mtu-disc is not supported on this OS 
Feb 08 07:37:45 178.222.74.194 openvpn:  Exiting due to fatal error 
Feb 08 07:37:45 178.222.74.194 openvpn:  /tmp/openvpn/route-down.sh tun2 1500 1624 10.8.0.1 255.255.255.0 init 
Feb 08 07:37:45 178.222.74.194 openvpn:  Closing TUN/TAP interface 
Feb 08 07:37:45 178.222.74.194 openvpn:  /sbin/ifconfig tun2 0.0.0.0 

I know that there were no changes on svn regarding ovpn config but I found this on wiki:

--mtu-disc type
Should we do Path MTU discovery on TCP/UDP channel? Only supported on OSes such as Linux that supports the necessary system call to set.
'no' -- Never send DF (Don't Fragment) frames 
'maybe' -- Use per-route hints 
'yes' -- Always DF (Don't Fragment) 

I will try tonight to do it from scratch, but I am new to openvpn and don't know where these config files are located to try to remove this directive...

Change History (13)

comment:1 Changed 6 weeks ago by Mile-Lile

edit: my openvpn server configuration is almost default (GUI), just added certificates and server key... never added this mtu-disc option so I assume that it is default but ddwrt doesn't support it or is not compiled with all depencies...

comment:2 Changed 6 weeks ago by Mile-Lile

and yesterdays working log:

Feb 07 11:34:08 178.222.92.85 openvpn:  TCP connection established with [AF_INET]213.137.102.194:8151 
Feb 07 11:34:10 178.222.92.85 openvpn:  213.137.102.194:8151 TLS: Initial packet from [AF_INET]213.137.102.194:8151, sid=2038bdcd b7b06be8 
Feb 07 11:34:11 178.222.92.85 openvpn:  213.137.102.194:8151 VERIFY OK: depth=1, C=EU, ST=RS, L=Belgrade, O=Home, OU=xxxxxxxxxx@mts.rs, CN=xxxxxxxxxx, name=xxxxxxx, emailAddress=xxxxxxxxx 
Feb 07 11:34:11 178.222.92.85 openvpn:  213.137.102.194:8151 VERIFY OK: depth=0, C=US, ST=CA, L=xxxxxxxxxxxxxx, O=xxxxxxxxxxx, OU=xxxxxxxxxx, CN=xxxxxxxxxxxx, name=xxxxxxxxxxxx, emailAddress=hmilenkovic@mts.rs 
Feb 07 11:34:11 178.222.92.85 openvpn:  213.137.102.194:8151 peer info: IV_VER=2.4.0 
Feb 07 11:34:11 178.222.92.85 openvpn:  213.137.102.194:8151 peer info: IV_PLAT=win 
Feb 07 11:34:11 178.222.92.85 openvpn:  213.137.102.194:8151 peer info: IV_PROTO=2 
Feb 07 11:34:11 178.222.92.85 openvpn:  213.137.102.194:8151 peer info: IV_NCP=2 
Feb 07 11:34:11 178.222.92.85 openvpn:  213.137.102.194:8151 peer info: IV_LZ4=1 
Feb 07 11:34:11 178.222.92.85 openvpn:  213.137.102.194:8151 peer info: IV_LZ4v2=1 
Feb 07 11:34:11 178.222.92.85 openvpn:  213.137.102.194:8151 peer info: IV_LZO=1 
Feb 07 11:34:11 178.222.92.85 openvpn:  213.137.102.194:8151 peer info: IV_COMP_STUB=1 
Feb 07 11:34:11 178.222.92.85 openvpn:  213.137.102.194:8151 peer info: IV_COMP_STUBv2=1 
Feb 07 11:34:11 178.222.92.85 openvpn:  213.137.102.194:8151 peer info: IV_TCPNL=1 
Feb 07 11:34:11 178.222.92.85 openvpn:  213.137.102.194:8151 peer info: IV_GUI_VER=OpenVPN_GUI_11 
Feb 07 11:34:11 178.222.92.85 openvpn:  213.137.102.194:8151 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA 
Feb 07 11:34:11 178.222.92.85 openvpn:  213.137.102.194:8151 [hranislav.gotgeeks.com] Peer Connection Initiated with [AF_INET]213.137.102.194:8151 
Feb 07 11:34:11 178.222.92.85 openvpn:  hranislav.gotgeeks.com/213.137.102.194:8151 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled) 
Feb 07 11:34:11 178.222.92.85 openvpn:  hranislav.gotgeeks.com/213.137.102.194:8151 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_15aad3031304ba4269b5e181d620bdd6.tmp 
Feb 07 11:34:11 178.222.92.85 openvpn:  hranislav.gotgeeks.com/213.137.102.194:8151 MULTI: Learn: 10.8.0.2 -> hranislav.gotgeeks.com/213.137.102.194:8151 
Feb 07 11:34:11 178.222.92.85 openvpn:  hranislav.gotgeeks.com/213.137.102.194:8151 MULTI: primary virtual IP for hranislav.gotgeeks.com/213.137.102.194:8151: 10.8.0.2 
Feb 07 11:34:12 178.222.92.85 openvpn:  hranislav.gotgeeks.com/213.137.102.194:8151 PUSH: Received control message: 'PUSH_REQUEST' 
Feb 07 11:34:12 178.222.92.85 openvpn:  hranislav.gotgeeks.com/213.137.102.194:8151 SENT CONTROL [hranislav.gotgeeks.com]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,redirect-gateway autolocal def1,dhcp-option DNS 208.67.222.222,route-gateway 10.8.0.1,topolog 
Feb 07 11:34:12 178.222.92.85 openvpn:  hranislav.gotgeeks.com/213.137.102.194:8151 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key 
Feb 07 11:34:12 178.222.92.85 openvpn:  hranislav.gotgeeks.com/213.137.102.194:8151 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key 
Feb 07 11:35:03 178.222.92.85 kernel:  [135010.100000] eth0: link up (100Mbps/Full duplex) 
Feb 07 11:35:38 178.222.92.85 kernel:  [135045.100000] eth0: link up (100Mbps/Full duplex) 
Feb 07 11:35:52 178.222.92.85 kernel:  [135059.100000] eth0: link up (100Mbps/Full duplex) 
Feb 07 11:35:54 178.222.92.85 openvpn:  hranislav.gotgeeks.com/213.137.102.194:8151 Connection reset, restarting [0] 
Feb 07 11:35:54 178.222.92.85 openvpn:  hranislav.gotgeeks.com/213.137.102.194:8151 SIGUSR1[soft,connection-reset] received, client-instance restarting 

comment:3 Changed 6 weeks ago by bascom

same to me. latest build router ASUS N66U. pls remove that options, which is autogenerated

workaround:

sed -i 's/^mtu-disc/#mtu-disc/' /tmp/openvpncl/openvpn.conf
openvpn --config /tmp/openvpncl/openvpn.conf &
Last edited 6 weeks ago by bascom (previous) (diff)

comment:4 Changed 6 weeks ago by Mile-Lile

I tested it more lastnight... I found out that this problem occurs when I use 6in4 HE tun at the same time... I disabled ipv6 and now works flawless...

comment:5 Changed 6 weeks ago by bascom

i do use native ipv6 and i am not willing to disable it. which is the latest working build with ovpn ?

Last edited 6 weeks ago by bascom (previous) (diff)

comment:6 Changed 6 weeks ago by bascom

  • Resolution set to invalid
  • Status changed from new to closed

comment:7 Changed 6 weeks ago by bascom

  • Resolution invalid deleted
  • Status changed from closed to reopened

comment:8 Changed 6 weeks ago by egc112

I think OpenVPN 2.4RC was introduced in 30935 so you need a build before that. In OpenVPN 2.4 you should use

proto udp4

mtu-disc yes

comment:9 Changed 6 weeks ago by bascom

thx, will try it. mtu-disc is generated in firmware

comment:10 Changed 5 weeks ago by bascom

  • Resolution set to invalid
  • Status changed from reopened to closed

comment:11 Changed 5 weeks ago by bascom

  • Resolution invalid deleted
  • Status changed from closed to reopened

comment:12 Changed 5 weeks ago by BrainSlayer

let me check. i'm on it

comment:13 Changed 5 weeks ago by BrainSlayer

  • Resolution set to fixed
  • Status changed from reopened to closed

this issue is not present on all device types is what i can say so far. its kernel dependend. i wrote a work around now

Note: See TracTickets for help on using tickets.