From: Archie Cobbs
Message-Id: <200205121734.g4CHYRg16909@arch20m.dellroad.org>
Subject: Re: Network problems in recent -stable
In-Reply-To: <1020992958.18920.113.camel@gurney.reilly.home> "from Andrew Reilly at May 10, 2002 11:09:17 am"
To: Andrew Reilly
Date: Sun, 12 May 2002 10:34:27 -0700 (PDT)
Cc: freebsd-questions@freebsd.org

Andrew Reilly writes:
> I follow -stable on a more-or-less weekly basis, and this has its ups
> and downs, because sometimes things change, and it's not clear whether
> the change is the result of the system upgrade, a port upgrade, or
> something external. All good fun, anyway.
>
> I maintain an MS-PPTP VPN link between my FreeBSD system and my office
> network, using the mpd port and netgraph. This has, historically, been
> really reliable, and works well. Lately, I've been having problems,
> though:
>
> Often, mail sent _to_ the office mail server will hang, and qmail-send
> will note a time-out.
> Mail from the server is almost never a problem
> (fetchmail), and messages sent manually, by typing SMTP through a telnet
> session also always work fine.
>
> I've recently noticed CVS update, diff and commit commands failing.
> Turning on logging (cvs -t) shows that a hang occurs when sending files
> to the server (another FreeBSD-4.something box). Checking out whole
> project directories works fine, though. Only sent data is the problem.
>
> Yesterday I tried running some X clients across the VPN, with apparently
> similar results. xev would run, but xv and xterm would hang. Both
> would run nicely through an ssh proxy connection, rather than over the
> VPN.
>
> I've run tcpdump on ng0, the netgraph VPN interface, and these hangs
> show my system sending an ACK packet over and over again, with no reply
> or progress from the other end.
>
> In summary: it sounds to me like a fragmentation/MTU problem on packets
> sent from my machine to machines on the office network. Little packets
> get through fine, but large ones that have to fragment get lost in the
> works. Seemingly.
>
> Trouble is, I know only enough TCP/IP networking juju to get myself into
> trouble. I don't know how to tweak MTUs, or even to determine whether
> that is indeed the problem. Are there network trouble-shooting
> diagnostic tools in the system, or in the ports collection? I need to
> get to the bottom of this, but don't know where to start.

First, a question: what is the PPTP machine at the other end?
Is it a MS machine or are both ends using mpd?

What is supposed to happen is this: your local machine sends a large
TCP packet to the office with the 'DF' bit set (this is path MTU
discovery). The mpd machine sees that it must fragment the packet
(because the packet is larger than the MTU on the 'ng0' interface).
But the 'DF' (don't fragment) bit is set, so the mpd machine should
send an ICMP packet back to the local machine, which should adjust
accordingly.
So some step in that process may not be happening; this should be
verifiable with tcpdump.

A possible workaround is to enable multi-link PPP, if both ends
support doing that.

Another thing to play with is manually adjusting the MTU on the 'ng0'
interface to see if that changes things.

Also, see if larger ping packets get through ('ping -s 2000 ...')
when sent from either the mpd machine or the local machine.

-Archie

__________________________________________________________________________
Archie Cobbs     *     Packet Design     *     http://www.packetdesign.com
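
Added example, not part of the original message: the ICMP reply described above is a type 3, code 4 ("fragmentation needed and DF set") message, which under RFC 1191 carries the next-hop MTU. This Python code decodes one from captured bytes so you can check whether it arrives and what MTU it advertises. The sample packet, its addresses and the 1400-byte MTU are constructed for the demonstration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frag_needed(next_hop_mtu: int, orig_len: int, df: bool = True) -> bytes:
    """Constructed sample: ICMP 3/4 quoting a TCP packet 192.0.2.10 -> 198.51.100.5."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, orig_len, 0x1234,
                        0x4000 if df else 0, 64, 6, 0,
                        bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    inner += b"\x00" * 8  # first 8 bytes of the quoted TCP header
    body = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + inner
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def parse_frag_needed(icmp: bytes):
    """Return PMTUD facts from an ICMP message, or None if it is not a valid 3/4."""
    if len(icmp) < 8 + 20:
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    # A message that includes its own checksum must sum to zero.
    if (icmp_type, code) != (3, 4) or inet_checksum(icmp) != 0:
        return None
    # Bytes 8.. are the IP header of the packet that was too big.
    _vihl, _tos, orig_len, _ident, flags_frag = struct.unpack("!BBHHH", icmp[8:16])
    return {
        "next_hop_mtu": mtu,               # 0 means the router predates RFC 1191
        "orig_len": orig_len,              # size of the packet that did not fit
        "df_set": bool(flags_frag & 0x4000),
        "dst": ".".join(str(b) for b in icmp[24:28]),
        # MSS the sender should fall back to: MTU minus 20-byte IP and TCP headers
        "tcp_mss": mtu - 40 if mtu else None,
    }

SAMPLE = build_frag_needed(next_hop_mtu=1400, orig_len=1500)

if __name__ == "__main__":
    print(parse_frag_needed(SAMPLE))
```

If a capture on the sending host shows large DF packets being retransmitted but no message that parses this way, the ICMP step of path MTU discovery is the one that is missing.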