Community discussions

 
tr00g33k
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Sun Mar 29, 2015 3:58 pm

Max MTU through PPPoE smaller than through PPPoE/OpenVPN

Mon Sep 03, 2018 12:13 am

Hello,

I have been playing around a bit with max MTU path discovery, and I came across something strange.

My setup is following:
Image

I have OpenVPN tunnel established beetwen R1 and R2 (MikroTiks), R1 access internet through PPPoE, R2 have ISP with pure ethernet.

Then i have my setup following
-PC1 goes from R1 through OpenVPN tunnel to R2, and there on the internet. (OpenVPN is established, through internet connection of R1-PPPoE), when i try to run max MTU discover on PC1, it is 1500 (it goes thorugh OpenVPN that is established through PPPoE).
Image


-PC2 goes on internet directly from R1 through PPPoE, and when i try to run max MTU discovery it is 1480.
Image

Now my question is how is it possible that max mtu discovered through PPPoE and than additionally through OpenVPN is higher, than directly through PPPoE? Shouldnt OpenVPN add its own overhead of lets say 69 bytes so if we calculate max MTU on PPPoE is 1480 - 69, that should be 1411? Can someone please explain me what I do not understand correctly.

PPPoE:
Image

OpenVPN:
Image
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1051
Joined: Fri Jul 28, 2017 2:53 pm

Re: Max MTU through PPPoE smaller than through PPPoE/OpenVPN

Mon Sep 03, 2018 12:38 pm

I believe that you restriction of fragmentation works on different layer 3 levels:

When you set in mturoute that you do not want packets be fragmented, you set it in Open VPN interface, but not in your PPPoE interface. So when you put the flag "do not fragment" in Open VPN packets, there is no such flag in packets which encapsulated in PPPoE frames. IP packets from PPPoE interface do not inherit this flag from Open VPN packets. So when you starting to push icmp, PPPoE interface do fragment these packets inside master packets. And your slave Open VPN packets had know clue, that upper layer packets were fragmented.

Correct me if I wrong :)
 
tr00g33k
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 84
Joined: Sun Mar 29, 2015 3:58 pm

Re: Max MTU through PPPoE smaller than through PPPoE/OpenVPN

Mon Sep 03, 2018 3:12 pm

That is exactly what i figured out. It didnt go out of my head, so i used good old wireshark to check what is going on R1 and R2. The packet are fragmented but if you are PC1 you dont know about it, because they are fragmented through PPPoE and on the link to the R2.

And on the other side of OpeVPN you recive whole packet, because it was already fragmented on R2 internet uplink. This could sometimes be a problem if you dont know through what kind of tunnels your ISP is routing you to internet, and the packets may be fragmented without you knowing it.
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1051
Joined: Fri Jul 28, 2017 2:53 pm

Re: Max MTU through PPPoE smaller than through PPPoE/OpenVPN

Mon Sep 03, 2018 3:21 pm

That is exactly what i figured out. It didnt go out of my head, so i used good old wireshark to check what is going on R1 and R2. The packet are fragmented but if you are PC1 you dont know about it, because they are fragmented through PPPoE and on the link to the R2.

And on the other side of OpeVPN you recive whole packet, because it was already fragmented on R2 internet uplink. This could sometimes be a problem if you dont know through what kind of tunnels your ISP is routing you to internet, and the packets may be fragmented without you knowing it.
Yeah. That's why better set a bit lower MTU of the tunnel, cause you don't know what MTU have your ISP(sometimes).

Who is online

Users browsing this forum: No registered users and 33 guests