Date:      Sun, 12 May 2002 10:34:27 -0700 (PDT)
From:      Archie Cobbs <archie@dellroad.org>
To:        Andrew Reilly <areilly@bigpond.net.au>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Network problems in recent -stable
Message-ID:  <200205121734.g4CHYRg16909@arch20m.dellroad.org>
In-Reply-To: <1020992958.18920.113.camel@gurney.reilly.home> "from Andrew Reilly at May 10, 2002 11:09:17 am"

Andrew Reilly writes:
> I follow -stable on a more-or-less weekly basis, and this has its ups
> and downs, because sometimes things change, and it's not clear whether
> the change is the result of the system upgrade, a port upgrade, or
> something external.  All good fun, anyway.
> 
> I maintain an MS-PPTP VPN link between my FreeBSD system and my office
> network, using the mpd port and netgraph.  This has, historically, been
> really reliable, and works well.  Lately, I've been having problems,
> though:
> 
> Often, mail sent _to_ the office mail server will hang, and qmail-send
> will note a time-out.  Mail from the server is almost never a problem
> (fetchmail), and messages sent manually, by typing SMTP through a telnet
> session also always work fine.
> 
> I've recently noticed CVS update, diff and commit commands failing. 
> Turning on logging (cvs -t) shows that a hang occurs when sending files
> to the server (another FreeBSD-4.something box).  Checking out whole
> project directories works fine, though.  Only sent data is the problem.
> 
> Yesterday I tried running some X clients across the VPN, with apparently
> similar results.  xev would run, but xv and xterm would hang.  Both
> would run nicely through an ssh proxy connection, rather than over the
> VPN.
> 
> I've run tcpdump on ng0, the netgraph VPN interface, and these hangs
> show my system sending an ACK packet over and over again, with no reply
> or progress from the other end.
> 
> In summary: it sounds to me like a fragmentation/MTU problem on packets
> sent from my machine to machines on the office network.  Little packets
> get through fine, but large ones that have to fragment get lost in the
> works.  Seemingly.
> 
> Trouble is, I know only enough TCP/IP networking juju to get myself into
> trouble.  I don't know how to tweak MTUs, or even to determine whether
> that is indeed the problem.  Are there network trouble-shooting
> diagnostic tools in the system, or in the ports collection?  I need to
> get to the bottom of this, but don't know where to start.

First, a question: what is the PPTP machine at the other end? Is it
a MS machine or are both ends using mpd?

What is supposed to happen is this: your local machine sends a large
TCP packet to the office with the 'DF' bit set (this is path MTU
discovery). The mpd machine sees that it must fragment the packet
(because the packet is larger than the MTU on the 'ng0' interface).
But the 'DF' (don't fragment) bit is set, so the mpd machine should
send an ICMP packet back to the local machine, which should adjust
accordingly.

So some step in that process may not be happening; this should be
verifiable with tcpdump.

A possible workaround is to enable multi-link PPP, if both ends support
doing that.

Another thing to play with is manually adjusting the MTU on the 'ng0'
interface to see if that changes things. Also, see if larger ping
packets get through ('ping -s 2000 ...') when sent from either the mpd
machine or the local machine.

-Archie

__________________________________________________________________________
Archie Cobbs     *     Packet Design     *     http://www.packetdesign.com
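
The tcpdump check suggested in the message above, as an added example that is not part of the original e-mail: it scans a capture for oversized DF packets and reports whether a matching ICMP "need to frag" reply was ever seen. The sample capture, addresses, the 1400-byte MTU and the function name pmtud_report are assumptions made up for illustration.

```python
import re

# Constructed capture in the style of modern `tcpdump -n -v` output (IPv4 only);
# addresses, ports and the 1400-byte MTU are made up for illustration.
SAMPLE = """\
10:00:01.10 IP (tos 0x0, ttl 64, id 101, offset 0, flags [DF], proto TCP (6), length 1500)
    10.0.0.2.1025 > 192.168.1.5.25: Flags [.], seq 1:1449, ack 1, win 65535, length 1448
10:00:01.11 IP (tos 0x0, ttl 63, id 7, offset 0, flags [none], proto ICMP (1), length 56)
    10.0.0.1 > 10.0.0.2: ICMP 192.168.1.5 unreachable - need to frag (mtu 1400), length 36
10:00:02.10 IP (tos 0x0, ttl 64, id 102, offset 0, flags [DF], proto TCP (6), length 1500)
    10.0.0.2.1026 > 192.168.9.9.2401: Flags [.], seq 1:1449, ack 1, win 65535, length 1448
10:00:05.10 IP (tos 0x0, ttl 64, id 103, offset 0, flags [DF], proto TCP (6), length 1500)
    10.0.0.2.1026 > 192.168.9.9.2401: Flags [.], seq 1:1449, ack 1, win 65535, length 1448
"""

PKT = re.compile(r"flags \[([^\]]*)\], proto \w+ \(\d+\), length (\d+)\) \S+ > ([\d.]+):")
FRAG = re.compile(r"ICMP (\S+) unreachable - need to frag \(mtu (\d+)\)")

def pmtud_report(text, mtu):
    """Map each destination that was sent DF packets larger than `mtu` to
    (packet_count, mtu_from_icmp), with None when no ICMP reply was captured."""
    packets = []
    for line in text.splitlines():
        if line[:1].isspace() and packets:
            packets[-1] += " " + line.strip()   # -v continuation line
        elif line.strip():
            packets.append(line)
    oversized, answered = {}, {}
    for pkt in packets:
        frag = FRAG.search(pkt)
        if frag:   # the router names the destination it could not forward to
            answered[frag.group(1)] = int(frag.group(2))
            continue
        m = PKT.search(pkt)
        if m and "DF" in m.group(1) and int(m.group(2)) > mtu:
            dst = ".".join(m.group(3).split(".")[:4])   # drop the .port suffix
            oversized[dst] = oversized.get(dst, 0) + 1
    return {dst: (n, answered.get(dst)) for dst, n in oversized.items()}

if __name__ == "__main__":
    for dst, (n, icmp_mtu) in pmtud_report(SAMPLE, 1400).items():
        verdict = (f"ICMP need-to-frag seen, mtu {icmp_mtu}" if icmp_mtu
                   else "no ICMP reply: PMTUD is failing")
        print(f"{dst}: {n} oversized DF packet(s), {verdict}")
```

A destination that keeps receiving retransmitted oversized DF packets with no ICMP reply in the capture is the failing step described above.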
