MTU value, DSL+LTE hybrid connection (UDP/TCP)

Looking for assistance with a cryptostorm connection issue? Post here & we'll help out. Also: if you're not sure where to post, do so here & we'll move things around as needed. Also: for quickest support, email our oddly calm & easygoing support reps at support@cryptostorm.is :)
DudeOfLondon
Posts: 84
Joined: Sat Jan 10, 2015 5:14 pm

MTU value, DSL+LTE hybrid connection (UDP/TCP)

Post by DudeOfLondon » Sat Oct 19, 2019 6:04 am

Hi,
I can't use UDP connections, I can connect but websites don't load. TCP works, though.
I think this has to do with my ISP that uses a hybrid or bonding of DSL and LTE.

I found in the router menu varying MTU values.
1500 for ethernet
1492 for DSL
and 1436 for LTE
I guess the DSL and LTE MTUs are WAN-facing.

I also found under the IPv6-settings of the router an MTU of 1440.

I'm not sure which of these MTU values is valid and the one important to my problem. (in forums they even say MTU for LTE is 1500 since 2017 firmware of the router. And because of mss clamping the MTU of the bonded connection is set to the lower one of DSL and LTE. That's 1492. In case the values I listed above are correct, maybe in the meantime since 2017 the values would have changed again. So that would mean now with clamping of 1492 and 1436, the router would use 1436 currently).

When not connected to a VPN using the mtupath tool by IEA Software Inc. or the windows command "ping -f -l [MTU]" I get a suggested MSS of 1412.
This means the tool and ping command both use UDP for testing IPv4, right? 1440 minus 20 for IPv4 minus 8 for UDP = 1412
I don't understand why mtupath tells me MSS is 1412 and MTU 1440, but 1440 is listed in the router settings under IPv6 settings and not in general or IPv4 settings.

Moving on: I put mssfix 1412 into my UDP-config (*.ovpn). Now I can use the VPN connections and websites load.

Now I don't understand why (when connected to the VPN with mssfix 1412) when I use mtupath or the ping command I get a suggested MSS of 1472 and MTU of 1500. :?:
Why is it now higher, although it is lowered with the mssfix 1412 option in the *.OVPN conf?

User avatar
df
Site Admin
Posts: 472
Joined: Thu Jan 01, 1970 5:00 am

Re: MTU value, DSL+LTE hybrid connection (UDP/TCP)

Post by df » Sun Oct 20, 2019 5:43 am

ping and mtupath use ICMP.
So you can connect to the UDP OpenVPN instances, but when you try to do TCP things in that tunnel (like loading websites) it doesn't work?
See https://community.openvpn.net/openvpn/w ... tu-problem
My guess is your router is changing the MTU, or a setting in your local system is doing that (maybe you manually set the MTU/MSS on a network adapter at one point?). That or it's unnecessarily fragmenting things that don't need fragmentation, which would explain why TCP inside the tunnel is broken.
You can test that UDP inside the OpenVPN UDP tunnel is working correctly by resolving something, i.e. nslookup google.com

But it looks like you found the mssfix value that works for your situation, so just use that :P

DudeOfLondon
Posts: 84
Joined: Sat Jan 10, 2015 5:14 pm

Re: MTU value, DSL+LTE hybrid connection (UDP/TCP)

Post by DudeOfLondon » Sun Oct 20, 2019 8:11 pm

df wrote:
Sun Oct 20, 2019 5:43 am
So you can connect to the UDP OpenVPN instances, but when you try to do TCP things in that tunnel (like loading websites) it doesn't work?
Correct, until I set the mssfix option in the config with a lower value than 1413.

I looked at my Windows PC setting and it looks altered (lowered to 1440).
So on windows, MTU should stay at 1500 for ethernet?

Look at my attached screenshot: "Ethernet 2" is a TAP interface and "Ethernet" is my actually NIC connected to the router.
Attachments
MTU-output Windows.jpg

Post Reply