VPN MTU limit breaks ssh connection to openssh 6.2p2 server
Ernst Kratschmer
ernstk at us.ibm.com
Sat Nov 9 04:33:22 EST 2013
Hi Alex,
I am sorry, but I don't know what "ping with DF set" is.
I can run "ping -l size". This fails if size is greater than 1252, over
VPN or LAN.
Not sure if this helps.
-Ernst
From: Alex Bligh <alex at alex.org.uk>
To: Ernst Kratschmer/Watson/IBM at IBMUS
Cc: Alex Bligh <alex at alex.org.uk>, dtucker at zip.com.au, Damien Miller <djm at mindrot.org>, openssh-unix-dev at mindrot.org
Date: 11/08/2013 11:11 AM
Subject: Re: VPN MTU limit breaks ssh connection to openssh 6.2p2 server
On 8 Nov 2013, at 15:26, Ernst Kratschmer wrote:
> If I understand Darren correctly, he is concerned that the packet
> fragmentation causes fragments to get dropped. From my debug, I can see
> that the 1460 byte packet gets split into two packets exactly as expected
> from the MTU limit.
Run a ping with DF set across your tunnel and sweep the packet size. This
should stop working at one particular packet size.
Now run a ping without DF set across your tunnel and repeat. This should
work for all packet sizes. I bet one particular size fails. This will be
breaking pMTU discovery.
--
Alex Bligh
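
The two sweeps described in the message above, as an added example that is not part of the original thread. It assumes Linux iputils `ping`; `TARGET`, the size range and the function names are hypothetical, and the probe is passed in by name so the search logic can be exercised without a network.

```shell
#!/bin/sh
# Added example: find where a path stops passing ICMP echo, with and without DF.
# Assumes Linux iputils ping (-M do sets DF, -M dont clears it, -s is payload
# size). On Windows the equivalent is: ping -f -l SIZE HOST.

TARGET="${TARGET:-192.0.2.1}"   # placeholder (TEST-NET-1): far end of the tunnel

probe_df()   { ping -c 1 -W 2 -M do   -s "$1" "$TARGET" >/dev/null 2>&1; }
probe_nodf() { ping -c 1 -W 2 -M dont -s "$1" "$TARGET" >/dev/null 2>&1; }

# max_payload PROBE LO HI
# Binary search for the largest payload in [LO,HI] that PROBE accepts.
# Valid for the DF case, where everything above the path MTU fails.
max_payload() {
    probe=$1; lo=$2; hi=$3
    "$probe" "$lo" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# first_failure PROBE LO HI STEP
# Linear sweep for the non-DF case: a broken path may drop only some sizes,
# so every size is tried. Prints the first failing size, or "none".
first_failure() {
    probe=$1; size=$2; hi=$3; step=$4
    while [ "$size" -le "$hi" ]; do
        "$probe" "$size" || { echo "$size"; return 0; }
        size=$(( size + step ))
    done
    echo none
}

# IPv4 packet size for an echo payload: 20-byte IP header + 8-byte ICMP header.
path_mtu() { echo $(( $1 + 28 )); }

# Run the real sweep only when asked, e.g.: RUN_SWEEP=1 TARGET=host sh sweep.sh
if [ "${RUN_SWEEP:-0}" = 1 ]; then
    best=$(max_payload probe_df 500 1472) || { echo "no reply at 500 bytes"; exit 1; }
    echo "DF set: largest payload $best (path MTU $(path_mtu "$best"))"
    echo "DF clear: first failing payload: $(first_failure probe_nodf 500 1472 4)"
fi
```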