Hello,
We tried to change our TP-Link on RB1200.
We have very simple setup on - masquerade + two dst nat. And same is on TP-Link.
Port forwarding is for OpenVPN Server on CentOS.
If I replace TP-Link with RB1200 I have issue with OpenVPN Tunnels.
I can ping any PC and Servers in the LAN, connect to any Linux Servers, but not for all Windows Servers.
It seems like MTU problem.
Does some one have similar issue ?
How I can troubleshoot this ?
RB1200 and Linux OpenVPN Server issue.
Last edited by stmx38 on Mon Nov 14, 2011 10:30 pm, edited 1 time in total.
-
-
cieplik206
Trainer
- Posts: 290
- Joined:
- Contact:
Re: RB1200 and OpenVPN Server issue.
No same issues, but if its a MTU problem you can force smaller MTU on TCP connection
to do that action "change MSS" is used for.
for examlpe
to do that action "change MSS" is used for.
for examlpe
Code: Select all
/ip firewall mangle add action=change-mss chain=postrouting disabled=no new-mss=1459 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1460-65535Re: RB1200 and OpenVPN Server issue.
cieplik206,
Thank you for reply.
But this not helped me
.
I tried also to change this on VPN Server side, but with no luck
Thank you for reply.
But this not helped me
.I tried also to change this on VPN Server side, but with no luck
Code: Select all
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
#iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1368
Re: RB1200 and Linux OpenVPN Server issue.
As I can see in tcpdump - TCP Session started but data sended but data sended by my VPN Client can't reach Windows Server or Windows Workstation. It just tried to retransmit it.
Re: [Openvpn-users] MoreOpenVPN MTU weirdness I cant understand
Re: [Openvpn-users] MoreOpenVPN MTU weirdness I cant understand