News & Blog Posts

VPN MTU

Linux PPTP VPN servers break some websites!

Tuesday 12 June, 2018

"Erm, Leenix, thats a weird thing to say?"

Yeah I know -- But here is what we found.

When a client machine was connected to the PPTP VPN, their browsers would get stuck on "establishing secure connection". --- But only in a select few sites!

In our case we experienced this with a Ubuntu 16.04 PPTP Server (other distros may be effected also?)

"But why?"

MTU -- Thats why -- Bloody MTU.  

Ubuntu's (and others?) default PPP config sets the MTU for all connected clients to 1396. Im sure they have a good reason for it (other than to give me yet more grey hair) --  but in this case it just causes me agro.

Dont get me wrong, Im not convinced this is really an issue with linux or the PPTP server, but is im sure is more these remote web servers which seem to refuse connections from non default MTU - However, some of these sites are big enough, that I would spend days explaining to 1st line tech support that tcp was not just a brand of horrible mouthwash and that an "m t u" is not me swearing at them.

While this sounds fun.. also matching the normal MTU will reduce packet fragmentation and lead to less tcp overhead -- Faster VPN and less Just-4-Men -- win win.

"Erm, Just tell me how to fix it please."

Sure! You need to edit the ppp config so that any clients which connect get the MTU changed to the more standard 1468.

Other distros implementation will vary, but hopefully you get the idea.

In Ubuntu 16.04 create the following file;

sudo nano -w /etc/ppp/ip-up.local
#fix mtu
ifconfig $1 mtu 1468

In ubuntu 16.04, $1 will be automatically replaced with the connecting clients ppp interface (e.g. ppp1 or ppp8) 

Now, give it +x;

sudo chmod 755 /etc/ppp/ip-up.local