Hello,
Before I've upgraded my Mikrotik to the newest version for L2TP MTU of 1462 I had 1422 MSS (40 bytes less) in Firewall Mange and it was fine. After upgrade, I have 1416 MSS (captured with Wireshark because there is no more Mangle rules for MSS).
Could you please explain why is MMS different now?
Thanks!
Re: MTU and MSS with new internal algorithm
What is the output of:
Code: Select all
/interface l2tp-server server printRe: MTU and MSS with new internal algorithm
Code: Select all
[admin@MT] > /interface l2tp-server server print
enabled: yes
max-mtu: 1462
max-mru: 1462
mrru: disabled
authentication: chap
keepalive-timeout: 30
max-sessions: unlimited
default-profile: default
use-ipsec: no
ipsec-secret:
allow-fast-path: no
[admin@MT] >
Re: MTU and MSS with new internal algorithm
Alright, I labbed this up and the default in the latest RC is 1450 for MTU / MRU and I'm seeing a MSS of 1404. This is like yours, 6 bytes lower than I'd expect to see. We may want to move this to the RC thread to get a more accurate explanation. I'm not seeing anything that stands out as to why.
Re: MTU and MSS with new internal algorithm
Also, in previous release (before internal algorithm for MSS presented) 6.38.5, I had different values for MSS in-interface and for MSS out-interface but both MTU and MRU had equal values of 1462.
First case:
MSS-out values are equal in both cases for different MTU/MRU values and it's wrong (I had problem with upload data to remote servers). It should be MRU - 40B if I'm not wrong.
Solution is to disable Change TCP MSS value and manually add these two rules in Mangle:
For now I have no package drops and everything seems to work fine.
First case:
Second case:MTU/MRU: 1450 -> MSS-out 1452, MSS-in 1410
As you can see MSS for in-interface is OK.MTU/MRU 1462 -> MSS-out 1452, MSS-in 1422
MSS-out values are equal in both cases for different MTU/MRU values and it's wrong (I had problem with upload data to remote servers). It should be MRU - 40B if I'm not wrong.
Solution is to disable Change TCP MSS value and manually add these two rules in Mangle:
Code: Select all
/ip firewall mangle
add action=change-mss chain=forward new-mss=1422 out-interface=all-ppp \
passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1423-65535
add action=change-mss chain=forward in-interface=all-ppp new-mss=1422 \
passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1423-65535
Re: MTU and MSS with new internal algorithm
In our built-in change-mss implementation 6 bytes are reserved just in case connection is MLPPP.
Re: MTU and MSS with new internal algorithm
Thanks for letting me know!In our built-in change-mss implementation 6 bytes are reserved just in case connection is MLPPP.
If I don't use MLPPP I should disable Change TCP MSS in profile and manually add those two rules?
If I have equal values for MTU/MRU, does it mean that MSS value for in and out interfaces should be equal too?
L2TP Server has MTU/MRU 1462.
First connection shows MSS 1422 when Change TCP MSS is set to no.
Second connection shows MSS 1416 when Change TCP MSS is set to yes.
You do not have the required permissions to view the files attached to this post.
Re: MTU and MSS with new internal algorithm
What to do with the error from the openvpn server on ubuntu ?
WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1551', remote='link-mtu 1531'
WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1551', remote='link-mtu 1531'