MTU issue with CloudConnexa and OpenVPN Connect on Android

[marks7389]

Hi All,

Wondering if anyone else is seeing the same problem as I am and/or can help....

I'm trying to connect to CloudConnexa using Open VPN Connect v3.3.4 (9290) on Android 13, connecting via a Network that connects to the internet over a PPPoE connection.

End-to-end link MTU is 1492 and the tunnel therefore should be set up with an MTU of 1420 (69 byte tunnel overhead).

However, OpenVPN Connect sets a tunnel MTU of 1500 and any packets over 1420 bytes fail to send properly, unless I manually force the Android device interface MTU to 1420 (the device is rooted):

Code: Select all

$ ping -c5 -s 1392 172.30.252.1
PING 172.30.252.1 (172.30.252.1) 1392(1420) bytes of data.
1400 bytes from 172.30.252.1: icmp_seq=1 ttl=62 time=35.6 ms
1400 bytes from 172.30.252.1: icmp_seq=2 ttl=62 time=36.8 ms
1400 bytes from 172.30.252.1: icmp_seq=3 ttl=62 time=297 ms
1400 bytes from 172.30.252.1: icmp_seq=4 ttl=62 time=125 ms
1400 bytes from 172.30.252.1: icmp_seq=5 ttl=62 time=204 ms

--- 172.30.252.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4008ms
rtt min/avg/max/mdev = 35.662/139.895/297.612/100.697 ms
$ ping -c5 -s 1396 172.30.252.1
PING 172.30.252.1 (172.30.252.1) 1396(1424) bytes of data.

--- 172.30.252.1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4163ms

$ sudo ifconfig tun0 mtu 1420 up
$ ping -c5 -s 1396 172.30.252.1
PING 172.30.252.1 (172.30.252.1) 1396(1424) bytes of data.
1404 bytes from 172.30.252.1: icmp_seq=1 ttl=62 time=173 ms
1404 bytes from 172.30.252.1: icmp_seq=2 ttl=62 time=195 ms
1404 bytes from 172.30.252.1: icmp_seq=3 ttl=62 time=221 ms
1404 bytes from 172.30.252.1: icmp_seq=4 ttl=62 time=39.7 ms
1404 bytes from 172.30.252.1: icmp_seq=5 ttl=62 time=35.6 ms

--- 172.30.252.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4007ms
rtt min/avg/max/mdev = 35.671/133.126/221.344/79.362 ms

The ping destination, 172.30.252.1, is a host within one of the connected networks. I have manually set the MTU to 1420 within the connector configuration for that network to avoid the same issue, however I don't have the option to set the MTU within the Android client where I'm using a user profile to login and I also can't see anywhere within the CloudConnexa configuration to set it at the server end.

In theory I'd expect the tunnel MTU to be set according to link MTU, but that simply isn't working. On connection startup, the OpenVPN Connect log reports:

Code: Select all

Tunnel Options:V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client

Which is clearly nonsense in respect of the link MTU, but seems to driven by the server config.

Any ideas as to how to fix this?

[marks7389]

Answered my own question... In case anyone else is looking to tweak the client settings for user connections, there's download button in the device settings in the portal which I hadn't previously spotted.

Amended to set the tunnel MTU and then used it to configure profiles within OpenVPN Connect. I've set up a couple, one with a lower MTU to use if needed. Shame there's no way of setting it automatically according to the path MTU in any given circumstance but at least that solves my main issue.