harenber
just joined
Topic Author
Posts: 9
Joined: Tue Aug 03, 2021 9:22 am

OpenVPN UDP 1400 byte packets lost

Tue Aug 03, 2021 9:48 am

Dear all,

I tried to set up OpenVPN to be used with Android devices. I followed these instructions: https://www.micu.eu/ovpn-server/ and the setup went without any trouble.

For performance reasons (the connection should be used for streaming) I wanted to change that to UDP, so I adapted the .ovpn file as well as the router configuration and also the firewall. Connection to the server can be made, but the connection seems to "hang" during the exchange of the PPP credentials. I activated logging and this is what is in the log:

aug/02 16:48:24 ovpn,info connection established from XX.XX.XX.XX, port: 60647
aug/02 16:48:24 ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=f0c959874d751b67 pid=0 DATA len=0
aug/02 16:48:24 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=977244a0d116f53d pid=0 DATA len=0
aug/02 16:48:24 ovpn,debug,packet sent P_ACK kid=0 sid=f0c959874d751b67 [0 sid=977244a0d116f53d] DATA len=0
aug/02 16:48:25 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=977244a0d116f53d [0 sid=f0c959874d751b67] pid=0 DATA len=0
aug/02 16:48:25 ovpn,debug,packet sent P_ACK kid=0 sid=f0c959874d751b67 [0 sid=977244a0d116f53d] DATA len=0
aug/02 16:48:25 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=977244a0d116f53d pid=1 DATA len=277
aug/02 16:48:25 ovpn,debug,packet sent P_ACK kid=0 sid=f0c959874d751b67 [1 sid=977244a0d116f53d] DATA len=0
aug/02 16:48:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=1 DATA len=1400
aug/02 16:48:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=2 DATA len=1400
aug/02 16:48:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=3 DATA len=829
aug/02 16:48:28 ovpn,debug,packet rcvd P_ACK kid=0 sid=977244a0d116f53d [3 sid=f0c959874d751b67] DATA len=0
aug/02 16:48:28 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=1 DATA len=1400
aug/02 16:48:28 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=2 DATA len=1400
aug/02 16:48:29 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=1 DATA len=1400

This last line is repeated until the connection times out after 60 seconds.

It looks like all packets with len=1400 get lost (this is also what I see with Wireshark on my machine).

I thought it is an MTU problem, so I tried to change the max-mtu but this does not seem to have any effect on the packet length. If I set max-mtu to 1200 or even lower in /interface/ovpn-server/server/, these DATA len=1400 packets are still in the log and the connection is not being established.

Here is a snapshot of my config (without the certificate part; as TCP works, this shouldn't be an issue):

/ip/pool/add name=ovpn ranges=10.253.1.10-10.253.1.254

/ip/dhcp-server/network/add address=10.253.1.0/24 comment=ovpn dns-server=9.9.9.9 gateway=192.168.1.1

/ppp/profile/add bridge=bridge dns-server=9.9.9.9 local-address=ovpn name=ovpn_vpn remote-address=ovpn use-compression=no use-encryption=required

/interface/ovpn-server/server/set certificate=server cipher=blowfish128,aes128,aes192,aes256 default-profile=ovpn_vpn enabled=yes require-client-certificate=yes protocol=udp

/ppp/secret/add name=XX password=XX profile=ovpn_vpn service=ovpn

/ip/firewall/filter/add action=accept chain=input comment=OpenVPN dst-port=1194 protocol=udp

My .ovpn file begins like this:

client
dev tun
remote XXX 1194 udp
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
verb 4
cipher AES-256-CBC
auth SHA1
auth-user-pass
auth-nocache
redirect-gateway def1

Already tried to add mssfix but this doesn't seem to have any effect.

Already googled for some time, but without any further result. Hope someone here has an idea.

Thanks!
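
Added example, not part of the original post and not MikroTik's own tooling: a small Python parser for the ovpn debug log lines shown above that tracks which sent control packets were ever acknowledged by the peer and at what payload length the losses begin. The bracketed ACK layout `[<pid> sid=<sid>]` is assumed from the posted log, and the function names are illustrative.

```python
import re

# Excerpt of the RouterOS ovpn debug log from the post above (server side).
SAMPLE_LOG = """\
aug/02 16:48:24 ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=f0c959874d751b67 pid=0 DATA len=0
aug/02 16:48:25 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=977244a0d116f53d [0 sid=f0c959874d751b67] pid=0 DATA len=0
aug/02 16:48:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=1 DATA len=1400
aug/02 16:48:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=2 DATA len=1400
aug/02 16:48:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=3 DATA len=829
aug/02 16:48:28 ovpn,debug,packet rcvd P_ACK kid=0 sid=977244a0d116f53d [3 sid=f0c959874d751b67] DATA len=0
aug/02 16:48:28 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=1 DATA len=1400
aug/02 16:48:28 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=2 DATA len=1400
aug/02 16:48:29 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=1 DATA len=1400
"""

# Outgoing control packet: "sent"/"re-sent", our sid, optional piggybacked ACK, pid, length.
SENT = re.compile(r"packet (?:re-)?sent P_CONTROL\S* kid=\d+ sid=(\w+) (?:\[[^\]]*\] )?pid=(\d+) DATA len=(\d+)")
# Incoming packet carrying an ACK list "[<pid> ... sid=<our sid>]" (layout assumed from the log above).
ACKED = re.compile(r"packet rcvd \S+ kid=\d+ sid=\w+ \[([\d ]+)sid=(\w+)\]")


def control_packet_status(log_text):
    """Return {(sid, pid): {"len": n, "sends": k, "acked": bool}} for sent control packets."""
    packets = {}
    for line in log_text.splitlines():
        if m := SENT.search(line):
            key = (m.group(1), int(m.group(2)))
            entry = packets.setdefault(key, {"len": int(m.group(3)), "sends": 0, "acked": False})
            entry["sends"] += 1  # first transmission plus every re-send
        elif m := ACKED.search(line):
            for pid in m.group(1).split():
                if (m.group(2), int(pid)) in packets:
                    packets[(m.group(2), int(pid))]["acked"] = True
    return packets


def size_boundary(packets):
    """Largest length the peer acknowledged and smallest length it never did."""
    acked = [p["len"] for p in packets.values() if p["acked"]]
    lost = [p["len"] for p in packets.values() if not p["acked"]]
    return (max(acked, default=None), min(lost, default=None))


if __name__ == "__main__":
    status = control_packet_status(SAMPLE_LOG)
    for (sid, pid), p in sorted(status.items()):
        print(f"pid={pid} len={p['len']} sends={p['sends']} acked={p['acked']}")
    print("largest acked / smallest unacked length:", size_boundary(status))
```

On the posted log this reports pid 1 and pid 2 (len=1400) as never acknowledged while pid 3 (len=829) is, which places the loss boundary between those two payload sizes.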
 
harenber
just joined
Topic Author
Posts: 9
Joined: Tue Aug 03, 2021 9:22 am

Re: OpenVPN UDP 1400 byte packets lost

Tue Aug 03, 2021 4:48 pm

Ok, I found the source of the problem, but no solution yet.

I have a non-standard internet connection (DSL/LTE hybrid) which has a lower MTU than usual lines. If I connect to the same RB with the same client config from a different host with an ordinary internet line, the connection is successfully established.

So what I need is to limit the packet size sent by the MikroTik router. As mentioned, I already tried the max-mtu setting, which does not seem to have any effect.

I also tried some mangle rules to tag the connection and pass it to a different bridge, but wasn't able to get this to run.

I would appreciate it if anyone has an idea. Thanks.
 
sstyle
Frequent Visitor
Posts: 50
Joined: Thu Jul 14, 2016 11:53 pm

Re: OpenVPN UDP 1400 byte packets lost

Tue Oct 18, 2022 5:05 pm

Same issue. Have you found the solution?
