Loss of packets over MTU

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
mabosk
Posts: 2
Joined: Thu Jun 20, 2019 9:21 pm

Loss of packets over MTU

Post by mabosk » Thu Jun 20, 2019 10:39 pm

Hello,

I have setup a SE VPN on a server with 2 NICs, 1 is used for LAN, 2 is used for local bridge (as per recommendation with static valid LAN IP). However I experience instabilities and any bigger data transfers fail (small transfer of few kB go thru).
What I have found out is that the data transfer fails are due to packet loss and the packet loss seems to be connected to the packet size. I have started testing around and found out following:
When pinging (with fragmentation allowed) packets with size less then smallest MTU in chain have 0% loss. Packets with size bigger than smallest MTU in chain experience 100% loss when trying to transfer larger data in parallel, if no data transfer is running in parallel it mostly has 0% loss (but not always). For better understanding here some examples on the packet size vs MTU:
1. MTU of server NIC 2 set to 1000 and MTU of virtual client NIC set to 1000 => packets with size equal or lower to 972 have 0% loss, bigger ones have issues
2. MTU of server NIC 2 set to 5000 and MTU of virtual client NIC set to 5000 => packets with size equal or lower to 1472 have 0% loss, bigger ones have issues (I assume this is due to the fact that the MTU of server NIC 1 is 1500 and also the NICs of other network equipment in the chain)

Also when doing the same ping directly from the same LAN (not via VPN tunnel) the above issues are not present and ping with any packet size have 0% loss.

I have tried to play also the MSS setting on the VPN server, but it did not made any difference.

The VPN setup is as following:
client => VPS with virtual hub <= (cascade connection) server with virtual hub, behind 2 NAT

Server is Debian 7
Client is Windows 10
VPS is Debian 8


I would like to avoid the TAP + bridge approach as this would require explicit changes of the routing table in the client.

Any help or hint on what to change or try is appreciated.

cedar
Site Admin
Posts: 1141
Joined: Sat Mar 09, 2013 5:37 am

Re: Loss of packets over MTU

Post by cedar » Tue Jul 09, 2019 5:39 am

Which direction does the packet get lost?
If the packet sent from the local bridge is larger than the MTU, the VPN server will try to extend the MTU automatically.

mabosk
Posts: 2
Joined: Thu Jun 20, 2019 9:21 pm

Re: Loss of packets over MTU

Post by mabosk » Tue Jul 09, 2019 1:18 pm

I had no possibility to monitor the packets on the server, so I'm not sure where they were lost. However I have created a dedicated VPN server out of Raspberry Pi 3 running on Raspbian and the problems vanished, connections are now stable and fast. I assume the issue is connected either to Debian 7 or the NICs used in the server.

Post Reply