sorry, update transport interface.
% ifconfig enx00e04c680a44
enx00e04c680a44: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.10 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::ec9b:2258:82ec:3cdb prefixlen 64 scopeid 0x20<link>
ether 00:e0:4c:68:0a:44 txqueuelen 1000 (Ethernet)
RX packets 10365932 bytes 6963820421 (6.9 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11883693 bytes 11887431595 (11.8 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Tony He <[email protected]> 于2021年4月1日周四 下午3:01写道:
>
>
> Antonio Quartulli <[email protected]> 于2021年4月1日周四 下午2:35写道:
>
>> Hi Tony,
>>
>> On 01/04/2021 04:38, Tony He wrote:
>> > Hi Antonio, Arne,
>> >
>> > According to the dump, this issue is caused by fragment. If I set
>> > link-mtu to 1472 in the condition of encryption "none", it's gone.
>> > I also can reproduce the fragment in my Linux x86-64 PC and Linux VM .
>> > They use kernel 5.4. Fragment affects the performance
>> > in the low-end devices. It also consumes more CPU resource in low-end
>> > and high-end devices. If I'm not mistaken, we don't need
>> > to set link-mtu without dco. Is this a bug? Can you reproduce? Do I
>> > still need to upload my dump? If so, maybe I need to provide a link.
>>
>> You told us what you did to fix, but you haven't fully explained what
>> the "broken setup" is. We don't have your configs, so we can't say what
>> is creating the issue in your scenario.
>>
> server config:
> root@OpenWrt:/tmp# cat openvpn-sample_server-fragment.conf
> data-ciphers none
> auth none
> topology subnet
> persist-key
> persist-tun
> ca /etc/luci-uploads/cbid.openvpn.sample_server.ca
> cert /etc/luci-uploads/cbid.openvpn.sample_server.cert
> dev tun
> dh /etc/luci-uploads/cbid.openvpn.sample_server.dh
> ifconfig-pool-persist /tmp/ipp.txt
> keepalive 10 120
> key /etc/luci-uploads/cbid.openvpn.sample_server.key
> port 1194
> proto udp
> server 10.8.0.0 255.255.255.0
> status /tmp/openvpn-status.log
> verb 3
>
> client config:
> % cat client-framgment.conf
> auth none
> client
> dev tun
> proto udp
> remote 192.168.1.1 1194
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> ca ca.crt
> cert client.crt
> key client.key
> data-ciphers none
> verb 2
> writepid /var/run/openvpn.pid
>
>
>> What is the MTU on the DCO and on the transport interfaces when the
>> problem shows us?
>>
> % ifconfig ovpn-dco0
> ovpn-dco0: flags=81<UP,POINTOPOINT,RUNNING> mtu 1500
> inet 10.8.0.2 netmask 255.255.255.0 destination 10.8.0.2
> inet6 fe80::3559:b6c1:3fc3:b8cb prefixlen 64 scopeid 0x20<link>
> unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen
> 1000 (UNSPEC)
> RX packets 0 bytes 0 (0.0 B)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 1 bytes 134 (134.0 B)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
> % ifconfig ovpn-dco0
> ovpn-dco0: flags=81<UP,POINTOPOINT,RUNNING> mtu 1500
> inet 10.8.0.2 netmask 255.255.255.0 destination 10.8.0.2
> inet6 fe80::3559:b6c1:3fc3:b8cb prefixlen 64 scopeid 0x20<link>
> unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen
> 1000 (UNSPEC)
> RX packets 0 bytes 0 (0.0 B)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 1 bytes 134 (134.0 B)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
> log from openvpn client:
> 2021-04-01 14:57:31 net_iface_mtu_set: mtu 1500 for ovpn-dco0
>
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
