Andre Ruppert wrote:
Hello to the list...
The problem: a long time running stable v3.4 OBSD VPN gateway running
behind a (german) SDSL line was replaced with a gateway version 3.7
(stable).
Now I got ppp mtu problems and can't see why.
Most config-files were just copied from v3.4, the ppp.conf file didn't
change:
#############################################
default:
set log all -sync -physical -tcp/ip -DNS
set redial 10 0
set reconnect 10 2000000000
set timeout 0
set device "!/usr/sbin/pppoe -vvvv -i xl0"
set speed sync
disable acfcomp protocomp ipv6cp
deny acfcomp
set ifaddr 10.0.0.1/0 10.0.0.2/0
enable mssfixup
accept lqr
connect:
set authname "kjfvkjfdkjdfgkj"
set authkey "jfhkfhfjhfvjkhfk"
set mtu max 1416
set mru max 1416
add! default HISADDR
##############################################
pppoe (v3.7) is still userland.
Don't ask why mtu is 1416 - all traffic is sent through an l2tp tunnel
too, so it's a "must". ;-)
Both sides are running OBSD VPN gateways (ipsec/ISAKMPD).
Remote gateway is always a v3.4 version.
With v3.7 I got ppp log messages:
tun0: Error: ip_Input: deflink: wrote 1452, got Message too long....
I don't use ppp, but I've seen similar MTU problems with IPsec traffic.
Using scrub on the enc in pf.conf did solve this problem.
Maybe you can try something like :
scrub in on tun0 all no-df max-mss 1416
scrub out on tun0 all no-df max-mss 1416
Regards,
Ivo