Re: [Openvpn-devel] [ovpn-dco] sudden network disconnection

[Tony He]

sorry, update transport interface.
 % ifconfig enx00e04c680a44
enx00e04c680a44: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.10  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::ec9b:2258:82ec:3cdb  prefixlen 64  scopeid 0x20<link>
        ether 00:e0:4c:68:0a:44  txqueuelen 1000  (Ethernet)
        RX packets 10365932  bytes 6963820421 (6.9 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11883693  bytes 11887431595 (11.8 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Tony He <huangy...@gmail.com> 于2021年4月1日周四 下午3:01写道：

>
>
> Antonio Quartulli <a...@unstable.cc> 于2021年4月1日周四 下午2:35写道：
>
>> Hi Tony,
>>
>> On 01/04/2021 04:38, Tony He wrote:
>> > Hi Antonio, Arne,
>> >
>> > According to the dump, this issue is caused by fragment. If I set
>> > link-mtu to 1472 in the condition of encryption "none", it's gone.
>> > I also can reproduce the fragment in my Linux x86-64 PC and Linux VM .
>> > They use kernel 5.4. Fragment affects the performance
>> > in the low-end devices. It also consumes more CPU resource in low-end
>> > and high-end devices.  If I'm not mistaken, we don't need
>> > to set link-mtu without dco. Is this a bug? Can you reproduce? Do I
>> > still need to upload my dump? If so, maybe I need to provide a link.
>>
>> You told us what you did to fix, but you haven't fully explained what
>> the "broken setup" is. We don't have your configs, so we can't say what
>> is creating the issue in your scenario.
>>
> server config:
> root@OpenWrt:/tmp# cat openvpn-sample_server-fragment.conf
> data-ciphers none
> auth none
> topology subnet
> persist-key
> persist-tun
> ca /etc/luci-uploads/cbid.openvpn.sample_server.ca
> cert /etc/luci-uploads/cbid.openvpn.sample_server.cert
> dev tun
> dh /etc/luci-uploads/cbid.openvpn.sample_server.dh
> ifconfig-pool-persist /tmp/ipp.txt
> keepalive 10 120
> key /etc/luci-uploads/cbid.openvpn.sample_server.key
> port 1194
> proto udp
> server 10.8.0.0 255.255.255.0
> status /tmp/openvpn-status.log
> verb 3
>
> client config:
>  % cat  client-framgment.conf
> auth none
> client
> dev tun
> proto udp
> remote 192.168.1.1 1194
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> ca ca.crt
> cert client.crt
> key client.key
> data-ciphers none
> verb 2
> writepid /var/run/openvpn.pid
>
>
>> What is the MTU on the DCO and on the transport interfaces when the
>> problem shows us?
>>
> % ifconfig ovpn-dco0
> ovpn-dco0: flags=81<UP,POINTOPOINT,RUNNING>  mtu 1500
>         inet 10.8.0.2  netmask 255.255.255.0  destination 10.8.0.2
>         inet6 fe80::3559:b6c1:3fc3:b8cb  prefixlen 64  scopeid 0x20<link>
>         unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen
> 1000  (UNSPEC)
>         RX packets 0  bytes 0 (0.0 B)
>         RX errors 0  dropped 0  overruns 0  frame 0
>         TX packets 1  bytes 134 (134.0 B)
>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>  % ifconfig ovpn-dco0
> ovpn-dco0: flags=81<UP,POINTOPOINT,RUNNING>  mtu 1500
>         inet 10.8.0.2  netmask 255.255.255.0  destination 10.8.0.2
>         inet6 fe80::3559:b6c1:3fc3:b8cb  prefixlen 64  scopeid 0x20<link>
>         unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen
> 1000  (UNSPEC)
>         RX packets 0  bytes 0 (0.0 B)
>         RX errors 0  dropped 0  overruns 0  frame 0
>         TX packets 1  bytes 134 (134.0 B)
>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> log from openvpn client:
> 2021-04-01 14:57:31 net_iface_mtu_set: mtu 1500 for ovpn-dco0
>


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel