You are not logged in.
- Topics: Active | Unanswered
#1 2017-03-25 20:24:53
- extrapalantine
- Member
- Registered: 2016-07-15
- Posts: 62
OpenVPN client complains about UDP packet size
I've been working to get an OpenVPN connection set up with VPN Unlimited.
They don't support Arch natively, which means I'm restricted to setting up a manual connection.
I've been following the steps in the ArchWiki OpenVPN tutorial. I've copied the client file sent to me by VPN Unlimited's support staff into my /etc/openvpn/client directory.
When I run
# openvpn /etc/openvpn/client/client.conf, the connection initialized -- but then I get the following error:
Sat Mar 25 20:13:25 2017 OpenVPN 2.4.1 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [A
Sat Mar 25 20:13:25 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.10
Sat Mar 25 20:13:25 2017 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Sat Mar 25 20:13:25 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]95.141.40.107:1194
Sat Mar 25 20:13:25 2017 UDP link local: (not bound)
Sat Mar 25 20:13:25 2017 UDP link remote: [AF_INET]95.141.40.107:1194
Sat Mar 25 20:13:25 2017 [openvpn.vpnunlimitedapp.com] Peer Connection Initiated with [AF_INET]95.141.40.107:1194
Sat Mar 25 20:13:27 2017 Options error: option 'reneg-sec' cannot be used in this context ([PUSH-OPTIONS])
Sat Mar 25 20:13:28 2017 TUN/TAP device tun0 opened
Sat Mar 25 20:13:28 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Mar 25 20:13:28 2017 /usr/bin/ip link set dev tun0 up mtu 1500
Sat Mar 25 20:13:28 2017 /usr/bin/ip addr add dev tun0 local 10.200.5.82 peer 10.200.5.81
Sat Mar 25 20:13:28 2017 Initialization Sequence Completed
Sat Mar 25 20:13:28 2017 NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.
Sat Mar 25 20:16:31 2017 NOTE: Empirical MTU test completed [Tried,Actual] local->remote=[1525,1425] remote->local=[1522,1522]
Sat Mar 25 20:16:31 2017 NOTE: This connection is unable to accommodate a UDP packet size of 1525. Consider using --fragment or --mssfix options as a workaround.I'm not quite sure what this means. Is OpenVPN working?
When I try to set the MTU fragment size in the config file, as described in the ArchWiki OpenVPN guide, OpenVPN terminates with the following error:
Sat Mar 25 20:20:23 2017 OpenVPN 2.4.1 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2017
Sat Mar 25 20:20:23 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.10
Sat Mar 25 20:20:23 2017 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Sat Mar 25 20:20:23 2017 WARNING: using --fragment and --mtu-test together may produce an inaccurate MTU test result
Sat Mar 25 20:20:24 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]95.141.40.107:1194
Sat Mar 25 20:20:24 2017 UDP link local: (not bound)
Sat Mar 25 20:20:24 2017 UDP link remote: [AF_INET]95.141.40.107:1194
Sat Mar 25 20:20:24 2017 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1546', remote='link-mtu 1542'
Sat Mar 25 20:20:24 2017 WARNING: 'mtu-dynamic' is present in local config but missing in remote config, local='mtu-dynamic'
Sat Mar 25 20:20:24 2017 [openvpn.vpnunlimitedapp.com] Peer Connection Initiated with [AF_INET]95.141.40.107:1194
Sat Mar 25 20:20:26 2017 Options error: option 'reneg-sec' cannot be used in this context ([PUSH-OPTIONS])
Sat Mar 25 20:20:26 2017 TUN/TAP device tun1 opened
Sat Mar 25 20:20:26 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Mar 25 20:20:26 2017 /usr/bin/ip link set dev tun1 up mtu 1500
Sat Mar 25 20:20:26 2017 /usr/bin/ip addr add dev tun1 local 10.200.5.82 peer 10.200.5.81
RTNETLINK answers: File exists
Sat Mar 25 20:20:26 2017 ERROR: Linux route add command failed: external program exited with error status: 2
RTNETLINK answers: File exists
Sat Mar 25 20:20:26 2017 ERROR: Linux route add command failed: external program exited with error status: 2
RTNETLINK answers: File exists
Sat Mar 25 20:20:26 2017 ERROR: Linux route add command failed: external program exited with error status: 2
RTNETLINK answers: File exists
Sat Mar 25 20:20:26 2017 ERROR: Linux route add command failed: external program exited with error status: 2
Sat Mar 25 20:20:26 2017 Initialization Sequence Completed
Sat Mar 25 20:20:27 2017 NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.
Sat Mar 25 20:20:31 2017 FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Sat Mar 25 20:20:36 2017 FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Sat Mar 25 20:20:41 2017 FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Sat Mar 25 20:20:46 2017 FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Sat Mar 25 20:20:51 2017 FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Sat Mar 25 20:20:56 2017 [openvpn.vpnunlimitedapp.com] Inactivity timeout (--ping-exit), exiting
Sat Mar 25 20:20:56 2017 /usr/bin/ip addr del dev tun1 local 10.200.5.82 peer 10.200.5.81
Sat Mar 25 20:20:56 2017 SIGTERM[soft,ping-exit] received, process exitingCould someone give me a little insight on what's going on here? Thanks!
Offline
#2 2017-03-25 21:19:09
- QuackDonkey
- Member
- Registered: 2017-01-27
- Posts: 24
Re: OpenVPN client complains about UDP packet size
Does removing
mtu-testwithout other modifications helps you?
Last edited by QuackDonkey (2017-03-25 21:19:25)
Offline
#3 2017-03-26 01:03:08
- R00KIE
- Forum Fellow
- From: Between a computer and a chair
- Registered: 2008-09-14
- Posts: 4,734
Re: OpenVPN client complains about UDP packet size
Also this line "Sat Mar 25 20:20:24 2017 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1546', remote='link-mtu 1542'" should hint you to what you can do to make things work, try setting a fixed mtu of 1542.
R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K
Offline