
[Openvpn-users] Re: tcp-server features


  • Subject: [Openvpn-users] Re: tcp-server features
  • From: Daniel Pittman <daniel@xxxxxxxxxxxx>
  • Date: Fri, 20 Aug 2004 09:54:59 +1000

On 20 Aug 2004, Mathias Sundman wrote:
> On Thu, 19 Aug 2004, James Yonan wrote:
>
>> On Thursday 19 August 2004 14:43, Mathias Sundman wrote:
>>> 1. Why doesn't --fragment work together with --proto tcp-server? The
>>> man page says "The --fragment option only makes sense when you are using
>>> the UDP protocol". Why is that?
>>>
>>> Doesn't the same problem apply to TCP when Path-MTU is broken and you want
>>> to tunnel max-sized UDP packets so --mssfix won't help you?
>>
>> Fragmenting doesn't make sense with TCP because TCP is a stream-based
>> protocol, not a packet-based protocol. TCP communication is a stream of
>> bytes without any packet boundaries, and so fragmenting at the application
>> protocol level doesn't really make sense in this context.  Now obviously, at
>> the IP transport level, TCP is packetizing the stream, and that is the level
>> at which things like MTU must be handled.
>
> So, are you saying that TCP will automatically shrink the packet size even
> if path-mtu is broken so it does not receive any "fragmentation needed"
> ICMP packets?

No, that doesn't happen, as you are obviously aware.

> If not, how else do I solve the above problem if normal fragmentation is
> not working and Path-MTU is broken (because of some router blocking IP
> fragments and ICMP "fragmentation-needed" packets)?

Move to a real network provider?  Path-MTU discovery not working is a
sign of an unhealthy network, but a sadly common one these days.

The usual fix is to cap the TCP MSS at the target MTU, and hope, or to
implement some other software workaround that fakes up the MTU discovery
messages.

There are plenty of Windows tools for doing the MSS hack if you have a
poke around for PPPoE problems;  iptables under Linux also supports it
and I imagine ipf under *BSD does as well.

Regards,
        Daniel
-- 
No corporation has ever fallen in love. But we have. Every one of us.
Love is our natural state except when our lives are manipulated by
psychotic ego vampires tripping on strychnine greed.
        -- Christopher Locke, _EGR: - Shiver & Kick_, 03/07/2000


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
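
What "capping the TCP MSS" does on the wire, as an added example that is not part of the original message: the function below lowers the MSS option of a SYN segment and patches the TCP checksum incrementally (RFC 1624), without needing the IP addresses. The addresses, ports, the 1400-byte target MTU and all function names are constructed for illustration, and the MTU-minus-40 arithmetic assumes IPv4 without IP options.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum; used only to build and verify the constructed sample."""
    data += b"\x00" * (len(data) % 2)
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_mss(tcp: bytes, cap: int) -> bytes:
    """Lower the MSS option of a SYN/SYN-ACK segment to at most `cap`."""
    hdr_len = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0
    if hdr_len < 20 or hdr_len > len(tcp) or not tcp[13] & 0x02:
        return tcp            # malformed, or not a SYN (MSS is only sent on SYN)
    i = 20
    while i < hdr_len:
        kind = tcp[i]
        if kind == 0:                            # end of option list
            break
        if kind == 1:                            # NOP padding
            i += 1
            continue
        if i + 1 >= hdr_len or tcp[i + 1] < 2 or i + tcp[i + 1] > hdr_len:
            break                                # malformed option, leave as is
        if kind == 2 and tcp[i + 1] == 4:
            if struct.unpack_from("!H", tcp, i + 2)[0] <= cap:
                return tcp                       # already small enough
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, cap)
            # RFC 1624 update over each 16-bit word touched (two if i is odd).
            s = ~struct.unpack_from("!H", tcp, 16)[0] & 0xFFFF
            for off in range((i + 2) & ~1, (i + 5) & ~1, 2):
                old, new = (struct.unpack_from("!H", b, off)[0] for b in (tcp, out))
                s += (~old & 0xFFFF) + new
            while s >> 16:
                s = (s & 0xFFFF) + (s >> 16)
            struct.pack_into("!H", out, 16, ~s & 0xFFFF)
            return bytes(out)
        i += tcp[i + 1]
    return tcp

# Constructed sample: SYN 10.0.0.1:40000 -> 10.0.0.2:443 advertising MSS 1460.
PSEUDO = bytes([10, 0, 0, 1, 10, 0, 0, 2, 0, 6]) + struct.pack("!H", 24)
_seg = struct.pack("!HHIIBBHHHBBH", 40000, 443, 1, 0, 0x60, 0x02, 65535, 0, 0, 2, 4, 1460)
SAMPLE_SYN = _seg[:16] + struct.pack("!H", inet_checksum(PSEUDO + _seg)) + _seg[18:]
CAP = 1400 - 40   # assumed 1400-byte target MTU minus IPv4 (20) and TCP (20) headers
```

A segment whose full checksum over pseudo-header plus TCP data evaluates to 0 is valid, so `inet_checksum(PSEUDO + clamp_mss(SAMPLE_SYN, CAP))` confirms the incremental patch.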