Hi,
At this point I am not going to change anything and risk people
getting mad at me :-).
The VPN is working properly everywhere except for Rogers on LTE. So I am
using 3G, and it is working properly. IPV6 has been disabled by Rogers.
Not too terrible.
On 10/17/18 06:25, Jan Just Keijser wrote:
On 15/10/18 16:53, Kristian McColm wrote:
Re: [Openvpn-users] iphone7 with keynote
Hi Frank,
Did you try:
link-mtu 1440
or lower on the server config, and removing other MTU/MSS related
settings? This made it work for me. What Rogers are doing is forcing
your handset back to dual-stacked mode so that the connection will be
over native IPv4 instead of 6to4 (NAT64) which will make it work
again, but you should probably be thinking about enabling native IPv6
on your VPN anyway, right?
In 99 out of 100 cases you do not (should not!) want to mess with
tun-mtu or link-mtu.
If your provider screws up UDP traffic then you should first try
fragment 1400
mssfix
before attempting anything else - that way, the default MTU is left
intact but the OpenVPN data traffic is broken into smaller fragments.
If that does not work, then try getting a tcpdump log on both client
and server side, to see which packets are mangled and/or dropped.
HTH,
JJK
From: Frank [mailto:ve2...@ve2cii.com]
Sent: October 15, 2018 09:39
To: openvpn-users@lists.sourceforge.net
Subject: Re: [Openvpn-users] iphone7 with keynote
Hi Everyone,
Here is an update for this issue.
I have upgraded the openvpn server to 2.4.6. I upgraded all the
client VPNs to 2.4.6.
I then called Rogers for the 2 phones. They confirmed there is an
issue with vpn in general and IPV6. Their solution was to first redo
my phone config on their server.
Now 3G openvpn works properly on my phone. LTE still does not work.
At least it is a start. The next thing they said they are going to do
is to remove our 2 phones from the IPV6 configuration which takes
48 hrs. I am going to wait a couple of days and see what happens.
So basically Rogers changed the config on their end and I changed
nothing, and it is working on 3G.
On 9/26/18 11:05, Gregory Sloop wrote:
I don't have time to walk you through all the details and
troubleshoot - but while 1440 might be a good choice, I'd
probably pick something like 1400 or even 1380. As I've said a
few times - if you pick an MTU of 1440 and you really needed
1339, it won't work. But if you pick 1400 and it could have been
as big as 1440 it will still work, with *slightly* less efficient
throughput of useable data.
Picking exactly 1440, trying one MTU and giving up, seems pretty
counter-productive. [There are some tutorials on testing and
picking the optimal MTU, a Google search might be useful.
However, IME, picking something a bit smaller than your tested
optimal MTU helps should something else occur that reduces the
MTU further in a different/new connection.]
Test several MTU sizes; I tend to vary them by say 20 bytes each try.
[TLDR; I'd rather have my MTU 100 bytes too small than 1 byte too
large - because one byte too large will probably fail and 100
bytes too small will still work [while being slightly less
efficient than the maximum.]]
Good luck!
F> I am unable to compile 2.4.6. I had compiled 2.4.4 but it would not
F> run.
F> I just tried setting the link-mtu to 1440 with 2.0.9 on the server
F> and that did not work. I was able to connect but still server errors
F> when trying to surf. Plus it
F> gave me inconsistent mtu errors in the log.
F> On 9/26/18 10:42, Gert Doering wrote:
>> Hi,
>> On Wed, Sep 26, 2018 at 10:13:09AM -0400, Frank wrote:
>>> The server has an IPV6 address, and it is dual stack. I am not
>>> sure if openvpn was compiled
>>> with ipv6 support. It is openvpn-2.0.9. Let me see what I can do.
>> If you run openvpn 2.0.9 on the *server*, you should upgrade.
>> Like, yesterday...
>> Current release is 2.4.6. More modern cipher support (AES-GCM), much
>> better IPv6 support (inside and outside the tunnel), a number of
>> security issues fixed, ...
>> gert
--
Gregory Sloop, Principal: Sloop Network & Computer Consulting
Voice: 503.251.0452 x82
EMail: gr...@sloop.net
http://www.sloop.net
---
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
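
The MTU testing Gregory Sloop describes in the thread above (try several sizes, then settle somewhat below the largest one that works), as an added example that is not part of the original thread. It measures the path outside the tunnel and assumes IPv4 and Linux iputils `ping`; the function names, the 40-byte margin and the 20-byte rounding step are illustrative choices.

```python
import subprocess

IPV4_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_probe(host):
    """Return probe(mtu) -> bool sending one don't-fragment ping that fills `mtu`.

    Assumes Linux iputils ping: -M do forbids fragmentation, -s is payload size.
    """
    def probe(mtu):
        cmd = ["ping", "-c", "1", "-W", "2", "-M", "do",
               "-s", str(mtu - IPV4_ICMP_OVERHEAD), host]
        return subprocess.run(cmd, capture_output=True).returncode == 0
    return probe


def largest_passing_mtu(probe, lo=576, hi=1500, retries=2):
    """Binary-search the largest MTU in [lo, hi] for which probe() succeeds.

    Returns None if even `lo` fails (path down, or ICMP echo filtered).
    """
    def ok(mtu):
        # Retry so a single lost packet is not mistaken for an MTU limit.
        return any(probe(mtu) for _ in range(retries))

    if not ok(lo):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if ok(mid):
            lo = mid       # mid fits, so the limit is mid or higher
        else:
            hi = mid - 1   # mid is too large
    return lo


def conservative_mtu(measured, margin=40, step=20):
    """Back off by `margin` bytes, then round down to a multiple of `step`.

    Illustrative values: too small still works, one byte too large does not.
    """
    return (measured - margin) // step * step


if __name__ == "__main__":
    import sys
    found = largest_passing_mtu(ping_probe(sys.argv[1]))
    print("no reply at minimum size" if found is None else
          f"largest passing MTU {found}, conservative value {conservative_mtu(found)}")
```

Run it with the server's public address as the only argument, from the network that misbehaves (for example the LTE connection), and compare against a network that works.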