|
ru.linux
- RU.LINUX ---------------------------------------------------------------------
From : Sergey Prokopenko 2:5020/400 22 Jul 2005 14:28:57
To : Igor Chumak
Subject : Re: Анизотропный туннель под openvpn :(
--------------------------------------------------------------------------------
Hello, Igor!
You wrote to Pavel Vasilyev on Fri, 22 Jul 2005 08:47:50 +0000 (UTC):
IC>>> с MSSQL работает). Из сети сервера в сеть клиента: пинги
IC>>> ходят, а соединение на получается :(
PV>> Дык... а с чем соединятся, или там тоже MySQL
PV>> сервер...
IC> MSSQL ;)
IC> Hо в данном случае 1 хрен - в одном направлении ходят и пинги, и
IC> tcp-соединения
IC> В другом - только пинги. Любые tcp-соединения обламываются.
Самое разумное - заглянуть в настройки брэндмаура в XP. Хотя если
"обламывается" именно MySQL - там же у MySQL ещё настройка на хосты внутри
есть... Про настройки брандмаура для TAP-win32 не забыть... В ХауТу на
OpenVPN описаны настройки для такого случая, если брэндмауер не причём...
Notes -- MTU
Setting the MTU is an important but sometimes problematic aspect of VPN
configuration. The MTU (maximum transmission units) is the maximum packet
size in bytes that can be sent or received by a real or virtual network
adapter.
The common symptom of MTU problems is a VPN connection which appears to
start up fine, but then locks up under real usage.
The easiest way to solve MTU problems is by using the --mssfix
and/or --fragment options which were added in beta8. Typical usage would be:
fragment 1400
mssfix
Some notes:
The TAP-Win32 adapter MTU defaults to "1500" which is the required setting
for ethernet bridging.
For some time before the Windows port of OpenVPN was completed, a
default --link-mtu of "1300" has been in place for "tun" interfaces. Because
the Windows TAP-Win32 interface prefers an MTU of "1500", it is essential to
not rely on the default MTU value in this case, but to explicitly include
"tun-mtu 1500" on both sides of the connection.
The MTU on both sides of an OpenVPN connection must exactly match. On
non-windows systems, the MTU of a tap device is usually set by the ifconfig
command.
The MTU of a TAP-Win32 adapter can be changed by going to Control Panel ->
Network Connections -> [TAP-Win32 adapter name] -> Configure -> Advanced.
И в faq-e
I can ping through the tunnel, but any real work causes it to lock up. Is
this an MTU problem?
Probably. It's best to change the mssfix parameter rather than directly
changing the MTU of the TUN/TAP adapter. For example:
mssfix 1200You could also combine this with:
fragment 1200Note however that fragment will exact a performance penalty.
Common values to try for mssfix/fragment: 1200, 1300, or 1400.
Note that while mssfix only needs to be specified on one side of the
connection, fragment should be specified on both.
До свидания, успехов!
====================
Lam I. В моём адресе все буквы настоящие.
--- ifmail v.2.15dev5.3
* Origin: Demos online service (2:5020/400)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
|
