[Bug 207087] kernel: r295285 in 10.2-STABLE breaks OpenVPN functionality

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Feb 10 20:51:24 UTC 2016


--- Comment #5 from mgrooms at shrew.net ---
I see. They underlying cause is quite possibly unrelated then. As I said, I
wasn't trying to hijack your bug report. But the symptom still sounds similar
in the respect that some of your UDP traffic ( your OpenVPN control traffic for
example ) appears to be processed correctly, but other traffic ( your OpenVPN
transport traffic being tunneled ) does not. That smacks of a re-assembly
problem. In the latter case, you could have a large inner IP packet size due to
the tunnel overhead which would cause the outer IP packet to be fragmented.
This would lead to stalls and resets from the client perspective, just as you
describe in your bug report.

However, that doesn't necessarily explain your 2nd problem where non-tunneled
traffic stalls. You can't NAT fragmented packets if you have a re-assembly
problem as the required UDP/TCP port values are only available in the initial
packet of a fragmented chain. That usually only effects UDP packets but it can
still be a problem for TCP if the TCP MSS is large enough as the DNF bit is
typically set in the IP header.

In any case, good luck with your problem.

You are receiving this mail because:
You are on the CC list for the bug.

More information about the freebsd-amd64 mailing list