From: Aragon Gouveia
To: freebsd-net@freebsd.org
Date: Tue, 13 Jul 2004 09:57:07 +0200
Subject: mpd PPTP dropped packets
Message-ID: <20040713075707.GA5691@phat.za.net>

Hi,

I'm having a weird problem I can't seem to narrow down. I've tried posting to the mpd-users list, but didn't receive a response. Am hoping someone here can help me out.

Here's a quick pic of my connectivity layout:

    Notebook <- ADSL -> VPN server <- Ethernet -> FTP server

The notebook is running FreeBSD 5.2.1-RELEASE-p5. The VPN server FreeBSD 4.10-RELEASE. The FTP server FreeBSD 4.7-RELEASE.

The notebook is establishing a PPTP link to the VPN server over the ADSL link. Both machines are running mpd 3.18.
Here's my config from the notebook:

[mpd.conf]
home:
    new home home
    set iface disable on-demand
    set iface idle 0
    set link no afccomp protocomp
    set link no pap chap
    set link accept chap
    set link keep-alive 10 75
    set link mtu 1400
    set link mru 1400
    set bundle no multilink
    set ipcp no vjcomp
    open

[mpd.links]
home:
    set link type pptp
    set pptp peer 196.x.y.z
    set pptp enable originate outcall

The problem I'm having is that (seemingly) random packets are being dropped by the VPN server when performing an FTP download from the FTP server to the notebook. I know this from collecting netstat -s figures off all three machines.

According to netstat -s on the VPN server:

    624 packets not forwardable

And the FTP server:

    836 data packets (962621 bytes) retransmitted

The packet loss is severe enough to cut throughput in half.

At first I thought it was an MTU problem, but now I've found this doesn't seem to be the case. I've installed hping on the FTP server and have tried generating TCP packets with a data size of 1360 (total packet size of 1400) and DF set (the ftp-data packets also have DF set by the way). These packets reach the notebook without problems. When I generate a packet with a data payload of 1361 bytes and DF set, it is dropped and the VPN server emits an ICMP "Fragmentation needed but DF set" back to the FTP server.

I've tcpdumped an FTP download as well. My notebook negotiates an MSS of 1360 as it should, and the FTP server complies as it should, but packets are dropped (by the VPN server I presume from netstat -s's output). What's more is that the FTP server receives no ICMP "Fragmentation needed but DF set" from the VPN server, and DF is being set.

I'm pretty sure this problem is not an MTU issue. I've taken it one step further and reduced the mtu of ng0 on my notebook after pptp has negotiated and connected.
When I run a download again, MSS has been reduced accordingly (and hence total packet size is waaaay below interface MTU on VPN server), but packets are still dropped.

I'm stumped. I don't know what else to look at. Can anyone help me please?

Thanks,
Aragon