Date: Tue, 13 Jul 2004 09:57:07 +0200 From: Aragon Gouveia <aragon@phat.za.net> To: freebsd-net@freebsd.org Subject: mpd PPTP dropped packets Message-ID: <20040713075707.GA5691@phat.za.net>
next in thread | raw e-mail | index | archive | help
Hi,
I'm having a wierd problem I can't seem to narrow down. I've tried posting
to the mpd-users list, but didn't receive a response. Am hoping someone here
can help me out.
Here's a quick pic of my connectivity layout:
Notebook <- ADSL -> VPN server <- Ethernet -> FTP server
The notebook is running FreeBSD 5.2.1-RELEASE-p5. The VPN server FreeBSD
4.10-RELEASE. The FTP server FreeBSD 4.7-RELEASE.
The notebook is establishing a PPTP link to the VPN server over the ADSL
link. Both machines are running mpd 3.18. Here's my config from the
notebook:
[mpd.conf]
home:
new home home
set iface disable on-demand
set iface idle 0
set link no afccomp protocomp
set link no pap chap
set link accept chap
set link keep-alive 10 75
set link mtu 1400
set link mru 1400
set bundle no multilink
set ipcp no vjcomp
open
[mpd.links]
home:
set link type pptp
set pptp peer 196.x.y.z
set pptp enable originate outcall
The problem I'm having is that (seemingly) random packets are being dropped
by the VPN server when performing an FTP download from the FTP server to the
notebook. I know this from collecting netstat -s figures off all three
machines.
According to netstat -s on the VPN server:
624 packets not forwardable
And the FTP server:
836 data packets (962621 bytes) retransmitted
The packetloss is severe enough to cut throughput in half.
At first I thought it was an MTU problem, but now I've found this doesnt
seem to be the case. I've installed hping on the FTP server and have tried
generating TCP packets with a data size of 1360 (total packet size of 1400)
and DF set (the ftp-data packets also have DF set by the way). These
packets reach the notebook without problems.
When I generate a packet with a data payload of 1361 bytes and DF set, it is
dropped and the VPN server emits an ICMP "Fragmentation needed but DF set"
back to the FTP server.
I've tcpdumped an FTP download as well. My notebook negotiates an MSS of
1360 as it should, and the FTP server complies as it should, but packets are
dropped (by the VPN server I presume from netstat -s's output). What's more
is that the FTP server receives no ICMP "Fragmentation needed but DF set"
from the VPN server, and DF is being set. I'm pretty sure this problem is
not an MTU issue.
I've taken it one step further and reduced the mtu of ng0 on my notebook
after pptp has negotiated and connected. When I run a download again, MSS
has been reduced accordingly (and hence total packet size is waaaay below
interface MTU on VPN server), but packets are still dropped.
I'm stumped. I don't know what else to look at. Can anyone help me please?
Thanks,
Aragon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040713075707.GA5691>