We have moved to a new Sailfish OS Forum. Please start new discussions there.
7

[regression] default MTU too small for OpenConnect VPN

asked 2014-12-29 14:36:58 +0200

penpen gravatar image

updated 2014-12-29 16:15:21 +0200

User case: Jolla as USB Ethernet device (Internet Sharing) for RHEL7 laptop and using NetworkManager/OpenConnect for VPN connection.

Vaarainjärvi (1.1.1.27) dropped the default MTU to 1280 for cellular data (See https://together.jolla.com/question/71741/release-notes-software-version-11127-vaarainjarvi/ and https://together.jolla.com/question/52762/why-doesnt-jolla-work-with-saunalahtis-internet4-apn/?answer=53232#post-id-53232).

Cisco's AnyConnect requires 96 bytes for its packet headers. And this combined with Jolla's MTU 1280 means that OpenConnect should be using MTU 1184 but in RHEL7 OpenConnect software is considering that too small. In other words if I manually configure NetworkManager/OpenConnect to use MTU 1184 for new VPN connection OpenConnect is refusing to use it and replacing that with MTU 1200 which is too large for Jolla's cellular data connection.

Because the auto discovery for correct MTU is not working correctly with Vaarainjärvi, I manually tried to set the MTUs via NetworkManager and ifconfig/ip commands.

SSH connections and HTTP/HTTPS connections through the VPN tunnel are hanging on RHEL7 host due this change. It could be argued to the both ways that the issue is with Jolla or OpenConnect software, or both. Maybe Jolla should be more intelligent on the default MTU for cellular data, or there could be a new MTU configuration option in the Mobile network's Internet settings in the Settings application.

edit retag flag offensive close delete

1 Answer

Sort by » oldest newest most voted
7

answered 2014-12-29 15:52:18 +0200

tigeli gravatar image

Sure I would like to see a world where the PMTUD would always work.. but that will not happen and the problem is not the the Vaarainjärvi or any other release of SailfishOS.

However, this problem is more of a OpenConnect issue if it's refusing to use MTU of 1184 with ipv4-tunneling (ipv6 requires minimum MTU of 1280) but if you are doing ipv6 you could do packet fragmentation on tunneling interface -> still OpenConnect issue if it's not doing it.

However as a quick and "dirty fix" you can do "ifconfig rmnet0 mtu 1500" as a root on jolla after you have setup the cellular connection on it.

Can't promise configurable MTU for cellular for any given date but will think about it.

edit flag offensive delete publish link more

Comments

1

Thanks for the answer. I understand your view that it is OpenConnect issue but I also know some network guys think that Jolla is simply using too small MTU. I know it is within the specs but it seems that it is so small that it is causing issues in the real world (forcing other network software to use smaller than recommended MTU values), and OpenConnect might not be the only thing that is affected by small MTU values, so that is why I'm bringing this up. It would be nice if you can think something to make this more plug'n'play solution in the future as it was before this change.

penpen ( 2015-01-04 17:28:38 +0200 )edit

I have problems using mobile data connection (provider: "Drei" in Austria). I just tried a different MTU size (1460) using the command you provided and it seems better! Is there any way to make this permanent? Because it seems that it's reset to default once the connection is brought down and up again.

chrila ( 2015-01-08 18:57:36 +0200 )edit

I've also been bitten by this. The strangest part is that the Openconnect connection seems to work for the most part, and only occasionally gets stuck with some site, depending on what kind of mtu it ends up using. I side with penpen on this, Openconnect is a generally well-behaved bit of software that works with just about anything -- except with Jolla there are these issues.

ExTechOp ( 2015-03-19 07:13:55 +0200 )edit

Does anyone know what command to use to set MTU on data connection interface nowadays? Ifconfig does not seem to work and outputs an error 'cannot find device rmnet0' or 'rmnet_data0').

Manatus ( 2019-11-07 08:31:32 +0200 )edit
Login/Signup to Answer

Question tools

Follow
4 followers

subscribe to rss feed

Stats

Asked: 2014-12-29 14:36:58 +0200

Seen: 4,030 times

Last updated: Dec 29 '14

Related questions

VPN client [released]

[duplicate] Feature request: IPSec native integration [duplicate]

Enable 4G / LTE [released]

Can't activate mobile internet [answered]

Possible bug in APN detection for Telia in Sweden [duplicate]

VPN configuration [duplicate]

sim operator [duplicate]

Setting of WLAN or mobile data preference

[duplicate] Cisco SSL VPN support (openconnect) [duplicate]

Control 2G/3G individually

Copyright © Jolla Ltd. 2013-2019. All rights reserved.
about | faq | help | privacy policy | terms of service | give feedback
Powered by Askbot version 0.7.49