> Juan Antonio a écrit : >> >>> Couldn't it be an MTU problem in the tunnel ? AFAIK, when TCP transmits >>> a message which must be segmented, it sends maximum-size segments >>> without the PUSH flag and a last smaller segment with the PUSH flag set >>> containing the remaining data. >> >> I know that, really this is the problem. The first segments without the >> PUSH flag dissapear completely in spite of these go out for the tunnel . >> The MTU is the first thing that I verified and this is 1500 in both >> sides. > > Did you check that the tunnel can actually handle packets of that size, > for example by sending pings of various sizes up to 1500 through it ? > Tunnel encapsulation adds overhead, which might create fragmentation or > other issues. Hello, I can send pings to exactly 1370 bytes, and over 1440 bytes but I can't ping between this interval. ping 10.8.1.1 -c 1 -s 1450 PING 10.8.1.1 (10.8.1.1) 1450(1478) bytes of data. 1458 bytes from 10.8.1.1: icmp_seq=1 ttl=64 time=61.1 ms 1 packets transmitted, 1 received, 0% packet loss, time 0ms ping 10.8.1.1 -c 1 -s 1440 PING 10.8.1.1 (10.8.1.1) 1440(1468) bytes of data. 1 packets transmitted, 0 received, 100% packet loss, time 0ms However the MTU is 1500 in both sides and I can send ping without problem in this size. ping 10.8.1.1 -c 1 -s 1500 PING 10.8.1.1 (10.8.1.1) 1500(1528) bytes of data. 1508 bytes from 10.8.1.1: icmp_seq=1 ttl=64 time=60.7 ms 1 packets transmitted, 1 received, 0% packet loss, time 0ms Now I'm really lost, I'll look for some parameter in openvpn config. Thank you very much > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html