Date:      Fri, 27 Jan 2006 08:39:41 -0600
From:      Archie Cobbs <archie@dellroad.org>
To:        Brian Candler <B.Candler@pobox.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: sl2tps, MRU, MTU, and MSS
Message-ID:  <43DA30AD.5040907@dellroad.org>
In-Reply-To: <20060127130048.GA60219@uk.tiscali.com>
References:  <20060105110404.GA25737@uk.tiscali.com> <20060127130048.GA60219@uk.tiscali.com>

Brian Candler wrote:
>> 1. PPP negotiates an MRU of 1400
>> 2. However, ifconfig ng0 shows an MTU of 1376 (where does that come from?)
>> 3. When the client opens a TCP connection, it offers an MSS of 1360
> 
> ...and then fragmentation problems occur, because the remote server sends IP
> datagrams which are 1400 bytes with DF bit set, the ng0 interface with MTU
> 1376 rejects them, the generated ICMP messages are discarded by an
> intervening NAT gateway, and the TCP connection fails.

Sounds like the NAT gateway is the root cause of all this, no?

While all the MTU logic in sl2tps is probably not optimal, in theory
it shouldn't matter if it's not optimal because ICMP should be working.
A router is supposed to be able to reduce the MTU if it needs to and
things should continue to work.

Instead of "fixing" sl2tps to work in your particular situation (and
breaking it in other situations), is it possible to fix/replace the
broken gateway instead? (Try a FreeBSD box instead :-)

Some background as best as I can remember...

The reduction of MTU to account for PPP protocol overhead (MPPE) is
not controversial. Obviously if the hard MTU is (say) 1400 and you've
got 4 bytes of MPPE overhead, then the interface MTU should be <= 1396.

You're right that this shouldn't really happen unless MPPE is actually
negotiated, but that's harder to do. MPPE negotiation happens after
link negotiation. To avoid this, disable MPPE if you can.

The WinXP hack is something that at some time was deemed necessary to
work around a bug in Windows XP. As I recall, it would advertise an MRU
that was actually bigger than what it would really accept. Since there
was no easy way to detect WinXP clients, we had to put in this workaround
unconditionally. This may have only been a bug in pre-SP2 WinXP. It
was (IIRC) when trying to do L2TP over IPSec, not PPTP.

Hope this helps.

-Archie

__________________________________________________________________________
Archie Cobbs      *        CTO, Awarix        *      http://www.awarix.com
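
Added example (not part of the original message and not sl2tps code): a small Python model of the path MTU discovery behaviour discussed in this thread, using the 1360-byte MSS and 1376-byte ng0 MTU quoted above. The hop names, the 1500-byte gateway MTU and the retry limit are assumptions made for the illustration.

```python
# Added illustration; sizes come from the thread, hop names are assumptions.
IP_TCP_HEADERS = 40  # IPv4 header (20) + TCP header (20), no options

# Constructed path from the remote server toward the PPP client:
# (hop name, MTU of the interface that hop forwards onto).
PATH = [("nat-gateway", 1500), ("ng0", 1376)]

def send_df(size, path, icmp_dropped_by=None):
    """Forward one packet with DF set. Returns ("delivered", None),
    ("icmp", next_hop_mtu), or ("lost", None) if the ICMP error is discarded."""
    for i, (_name, mtu) in enumerate(path):
        if size > mtu:
            # DF forbids fragmenting: the hop drops the packet and sends ICMP
            # "fragmentation needed" back through every upstream hop.
            upstream = [n for n, _ in path[:i]]
            if icmp_dropped_by in upstream:
                return ("lost", None)
            return ("icmp", mtu)
    return ("delivered", None)

def tcp_transfer(offered_mss, path, icmp_dropped_by=None, max_retries=5):
    """The sender fills segments up to the MSS the client offered and lowers
    its path MTU estimate only when an ICMP error actually reaches it."""
    pmtu = offered_mss + IP_TCP_HEADERS
    for attempt in range(1, max_retries + 1):
        result, hint = send_df(pmtu, path, icmp_dropped_by)
        if result == "delivered":
            return {"ok": True, "pmtu": pmtu,
                    "mss": pmtu - IP_TCP_HEADERS, "attempts": attempt}
        if result == "icmp":
            pmtu = hint  # RFC 1191: adopt the next-hop MTU from the ICMP error
        # On "lost" the sender just retransmits the same size.
    return {"ok": False, "pmtu": pmtu,
            "mss": pmtu - IP_TCP_HEADERS, "attempts": max_retries}

if __name__ == "__main__":
    # ICMP reaches the sender: one drop, then the connection adapts.
    print("ICMP forwarded:", tcp_transfer(1360, PATH))
    # The gateway discards ICMP: every retransmission is dropped at ng0.
    print("ICMP discarded:", tcp_transfer(1360, PATH, icmp_dropped_by="nat-gateway"))
```
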


