Opened 10 years ago
Last modified 9 years ago
#13967 new defect
NatNetwork limits mtu
| Reported by: | RobbySherwood | Owned by: | |
|---|---|---|---|
| Component: | network/NAT | Version: | VirtualBox 4.3.26 |
| Keywords: | nat drop loss packet | Cc: | |
| Guest type: | Linux | Host type: | Windows |
Description
I have 4.3.26 in win7 running.
My guests are linux (redhat 5,4 5.10, opensuse 13.2, ...)
All are connected to a virtualbox NatNetwork
Inside the guests an openvpn client is started and i see, that huge packets that the openvpn client sents will be dropped. I investigated further and found out, that the highest Packet size leaving the host is 1295 bytes long.
Change History (6)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
| Host type: | other → Windows |
|---|
comment:3 by , 10 years ago
What makes you think this problem is caused by NAT Network?
What is your host IP configuration? netsh int ip show int - will show you host MTU values.
comment:4 by , 9 years ago
I have also observed this same behavior for quite some time (Gentoo linux guest running openvpn, host win7 with NAT). The above workaround in lowering the openvpn MTU works when "NAT Network" is used and connectivity issues are not observed while in "Bridge" mode.
Here is the requested info of the hosts MTU values.
Idx Met MTU State Name --- ---------- ---------- ------------ --------------------------- 1 50 4294967295 connected Loopback Pseudo-Interface 1 15 50 1500 disconnected Wireless Network Connection 14 20 1468 connected Local Area Connection 16 10 1500 connected VirtualBox Host-Only Network
comment:5 by , 9 years ago
man openvpn: "It's best to use the --fragment and/or --mssfix options to deal with MTU sizing issues."
'mssfix 1300' works for me WMMV
comment:6 by , 9 years ago
When using NAT network packets fragment greater than 1482 bytes.
Openvpn is sensitive to fragmentation when running udp mode, this issue can be tested without using this application.
'hping -d xxxx -1 -c 1 foo' from guest, monitor packets from a span port.
NAT Network
14 Bytes Ethernet + 28 Bytes ICMP Header + 1440 Bytes data == 1482 Bytes on wire
14 Bytes Ethernet + 28 Bytes ICMP Header + 1441 Bytes data == 1482 Bytes on wire Fragmented
...
14 Bytes Ethernet + 28 Bytes ICMP Header + 1458 Bytes data == 1482 Bytes on wire Fragmented
Bridge Network
14 Bytes Ethernet + 28 Bytes ICMP Header + 1440 Bytes data == 1482
14 Bytes Ethernet + 28 Bytes ICMP Header + 1441 Bytes data == 1483 Bytes on wire
...
14 Bytes Ethernet + 28 Bytes ICMP Header + 1458 Bytes data == 1500 Bytes on wire


My workaround was to set openvpn client to:
Test and finetuning is possible by openvpn mtu-test giving this log information: