Hi Frank, Did you try :
link-mtu 1440 or lower on the server config, and removing other MTU/MSS related settings? This made it work for me. What Rogers are doing is forcing your handset back to dual-stacked mode so that the connection will be over native IPv4 instead of 6to4 (NAT64) which will make it work again, but you should probably be thinking about enabling native IPv6 on your VPN anyway right? Regards Kristian From: Frank [mailto:ve2...@ve2cii.com] Sent: October 15, 2018 09:39 To: openvpn-users@lists.sourceforge.net Subject: Re: [Openvpn-users] iphone7 with keynote Hi Everyone, Here is an update for this issue. I have upgraded the openvpn server to 2.4.6. I upgraded all the client vpn's to 2.4.6. I then called Rogers for the 2 phones. They confirmed there is an issue with vpn in general and IPV6. Their solution was to first redo my phone config on their server. Now 3G openvpn works properly on my phone. LTE still does not work. At least it is a start. The next thing they said they are going to do is to remove our 2 phones from the IPV6 configuration which takes 48 hrs. I am going to wait a couple of days and see what happens. So basically Rogers changed the config on their end and I changed nothing, and it is working on 3G. On 9/26/18 11:05, Gregory Sloop wrote: I don't have time to walk you through all the details and troubleshoot - but while 1440 might be a good choice, I'd probably pick something like 1400 or even 1380. As I've said a few times - if you pick an MTU of 1440 and you really needed 1339, it won't work. But if you pick 1400 and it could have been as big as 1440 it will still work, with *slightly* less efficient through-put of useable data. Picking exactly 1440, trying one MTU and giving up, seems pretty counter-productive. [There are some tutorials on testing and picking the optimal MTU, a Google search might be useful. However, IME, picking something a bit smaller than your tested optimal MTU helps should something else occur that reduces the MTU further in a different/new connection.] Test several MTU sizes; I tend to vary them by say 20 bytes each try. [TLDR; I'd rather have my MTU 100 bytes too small than 1 byte too large - because one byte too large will probably fail and 100 bytes too small will still work [while being slightly less efficient than the maximum.] Good luck! F> I am unable to compile 2.4.6. I had compiled 2.4.4 but it would not F> run. F> I just tried setting the link-mtu to 1440 with 2.0.9 on the server and that F> did not work. I was able to connect but still server errors when trying F> to surf. Plus it F> gave me inconsistant mtu errors in the log. F> On 9/26/18 10:42, Gert Doering wrote: >> HI, >> On Wed, Sep 26, 2018 at 10:13:09AM -0400, Frank wrote: >>> The server has an IPV6 address, and it is dual stack. I am not >>> sure if openvpn was compiled >>> with ipv6 support. It is openvpn-2.0.9. Let me see what I can do. >> If you run openvpn 2.0.9 on the *server*, you should upgrade. >> Like, yesterday... >> Current release is 2.4.6. More modern cipher support (AES-GCM), much >> better IPv6 support (inside and outside the tunnel), a number of security >> issues fixed, ... >> gert F> _______________________________________________ F> Openvpn-users mailing list F> Openvpn-users@lists.sourceforge.net<mailto:Openvpn-users@lists.sourceforge.net> F> https://lists.sourceforge.net/lists/listinfo/openvpn-users<https://lists.sourceforge.net/lists/listinfo/openvpn-users> -- Gregory Sloop, Principal: Sloop Network & Computer Consulting Voice: 503.251.0452 x82 EMail: gr...@sloop.net<mailto:gr...@sloop.net> http://www.sloop.net --- _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net<mailto:Openvpn-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/openvpn-users
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
