While trying to set up an Ubuntu Linux server as a client to an L2TP/IPsec server, I noticed inconsistencies while trying to send data.
The tunnel/VPN establishes the connection / handshake properly and from the client I can ping / ssh to all the machines as expected.
I noticed the problem while trying to send data from the client to a remote machine while using scp.
I can copy / get anything without problems:
scp user@vpn:/tmp/test.file .
But if I try to send data and the file size to be sent is greater than the VPN MTU (1280):
scp /tmp/test.file user@vpn:/tmp
I get a "Packet Corrupt" message.
I tried this, without success: ethtool -K eth0 tx off
Using tcpdump I noticed that all outgoing packets, no matter the size, contain the DF flag; for some reason packets going through the ppp0 interface were not fragmented.
The configuration I am using is:
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1280
mru 1280
defaultroute
usepeerdns
debug
lock
connect-delay 5000
Some of the logs I get:
pppd[26423]: sent [LCP EchoReq id=0x1 magic=0x4501dc87]
pppd[26423]: rcvd [LCP EchoRep id=0x1 magic=0xd6736575]
If I send files in chunks bigger than the MTU:
pppd[12603]: Protocol-Reject for unsupported protocol 0xb8af
pppd[12603]: rcvd [LCP ProtRej id=0x8 ...]
A way around this is to use rsync and limit the outgoing bandwidth:
rsync -vvv --bwlimit=16 -P -e "ssh -i ssh_key.pem" /tmp/test.file user@vpn:/tmp
Other clients running iOS / OS X from the same network have no issues at all; both can send/get data without any problems, therefore I am not suspecting a problem with the VPN server.
Any ideas or possible patches to fix this issue?