tun-mtu size & embedded_packet_size_error

[skubik]

I'm encountering a problem staying connected to my VPN from my iOS device and searching hasn't turned up very much in the way of help. I'm hoping someone here might have some insight.

In iOS(7), I am able to connect to my VPN via the OpenVPN app; it connects, I have an IP address, I can even ping the device over the VPN from the VPN server.
But as soon as I try and access something (specifically an internal web server) on the VPN, the connection drops and I get an "embedded_packet_size_error" in my app.

It looks like the problem is with the tun-mtu setting.
On my server, I have a tun-mtu value of 6000. Of course I have this same value in my client configuration files and it works great with my Linux and OSX machines. On my iOS7 devices, however, looking through the log output, it appears as though it's using a tun-mtu value of 1500. At first I thought maybe I forgot to update the config on my iOS device, so I re-uploaded the config & keys, but I'm still getting the same number in the logs for the tun-mtu value.
Any ideas why this might be happening?

I can post my server & client configs if needed. I'm using the TCP protocol and the tun device (obvs).

TIA!

[streletz]

I am getting the same error on iphone 6+ ios 8.1.3 openvpn app 1.0.5 build 177:

EVENT: CORE_ERROR embedded_packet_size_error [ERR]

]

This error happens on client, nothing on server (tplink router TPLINK TL-WDR3600 with DD-WRT v24-sp2 12/22/14 build 25697). I tried changing server tun-mtu to different values (1500, 1530, 1492, 1472, 1450, 1400, 1350, etc.), and testing for the maximum i should set using the non-fragmented ping, and 1427 is what i came up with. On my server the main MTU for my isp is set to automatic (1500).

This is my first time setting up openvpn so it doesn't consistently work on my mac either. I'm testing through my own lan, verizon cell network and through public xfinity wifi.

here is my config.opvn for iphone:

Code: Select all

client
dev tun
proto tcp
remote <my ddns domain> 443
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
mute-replay-warnings
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
cipher BF-CBC
comp-lzo
verb 3
float

Here's my router config (this is configured through dd-wrt gui, and spit out on the openvpn status page:

Code: Select all

dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 3
mute 3
syslog writepid /var/run/openvpnd.pid
management 127.0.0.1 14
management-log-cache 100
topology subnet
script-security 2
port 443
proto tcp-server
cipher bf-cbc
auth sha1
client-connect /tmp/openvpn/clcon.sh
client-disconnect /tmp/openvpn/cldiscon.sh
client-config-dir /tmp/openvpn/ccd
comp-lzo adaptive
tls-server
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
client-to-client
push "redirect-gateway def1"
tcp-nodelay
tun-mtu 1427
mtu-disc yes
server 192.168.42.0 255.255.255.0
dev tun2 tun-ipv6
push "route 192.168.69.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 20 

I also added this to the firewall:

Code: Select all

iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.42.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.42.0/24 -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.42.0/24 -j MASQUERADE
iptables -I FORWARD -i br0 -o tun2 -j ACCEPT
iptables -I FORWARD -i tun2 -o br0 -j ACCEPT
iptables -t nat -I POSTROUTING -o tun2 -j MASQUERADE

Sometimes vpn works after router restart for a some time, but at some point it always comes back to this embedded_packet_size_error. Please help?

[streletz]

having same error on ios 8.1.3... help please?