Default L2TP gateway does not work for LAN clients

I have a Dell R720 server which has 4 Ethernet cards. I used two of them as a Docker macvlan and installed OpenWrt in Docker.
I also installed xl2tpd. On the OpenWrt server it all works fine; I can successfully download all kinds of data. But it seems the default gateway does not work for LAN clients: from LAN clients I can ping other websites successfully but cannot download any data.
The default gateway is like this:

root@OpenWrt:/etc/config# ip route show
default via 10.0.2.3 dev l2tp-vpn 
10.0.2.3 via 10.214.200.1 dev eth1 
10.0.2.3 dev l2tp-vpn scope link  src 222.205.7.129 
10.214.200.0/24 dev eth1 scope link  src 10.214.200.104 
192.168.2.0/24 dev br-lan scope link  src 192.168.2.1

If I add a default WAN gateway, the LAN clients can get data, but not through the L2TP service.
The /etc/config/network is:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.2.1'

config interface 'wan'
        option ifname 'eth1'
        option ip6assign '60'
        option proto 'static'
        option ipaddr '10.214.200.104'
        option netmask '255.255.255.0'
        option gateway '10.214.200.1'
        option broadcast '10.214.200.255'
        list dns '10.10.0.21'

config interface 'vpn'
        option ifname 'vpn1'
        option proto 'l2tp'
        option username '-----'
        option password '-----'
        option server '10.0.2.3'
        option ipv6 'auto'
        option mtu '1428'

Can anyone help me with this problem? Thanks!

Is it a DNS issue, or are remote sites resolved fine?
Successfully reaching a site but not downloading something big sounds like an MTU issue. Is the 1428 value 100% correct?


Thanks a lot! I think MTU is indeed where things went wrong. After setting the LAN MTU to 1200, I can download files, although web pages still won't load.

You'll need to set it properly on both ends of the tunnel.
Search here or online for methods to calculate the correct MTU.
Make sure you set the MTU of the tunnel to the same as the WAN interface and start testing.


Thanks. I have nearly found out the main reason. The macvlan interface for WAN automatically lowers its MTU to 1280 once the OpenWrt container starts (even if I create the network with an explicit MTU option), and it cannot be changed upwards. I have to lower both the MTU of the LAN in the OpenWrt Docker container and the local MTU to 1200 to successfully get access to the internet. But this is so complicated; every device needs to first adjust its MTU. I think I have to find out why macvlan automatically lowers the WAN MTU.
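The "calculate the correct MTU" step from the reply above, and the 1280-byte WAN MTU reported in this last post, as an added shell example that is not from the thread or from OpenWrt itself. It works out how much of the WAN MTU is left for packets inside a plain L2TP-over-UDP/PPP tunnel (header sizes are assumed: 20 IPv4, 8 UDP, 8 L2TP, 4 PPP; L2TP/IPsec would cost more), derives the TCP MSS to clamp to, and includes a DF-ping binary search to measure the real path MTU. The probe needs network access and iputils `ping` (busybox ping on OpenWrt lacks `-M do`), so it is only defined, not run, by default.

```shell
#!/bin/sh
# Added example (not part of the original thread): L2TP tunnel MTU/MSS arithmetic
# plus a path-MTU probe. Header sizes below are assumptions for plain L2TP over
# UDP carrying PPP, without IPsec.
IPV4_HDR=20   # outer IPv4 header
UDP_HDR=8     # UDP header used by L2TP
L2TP_HDR=8    # L2TP data header with the optional length field present
PPP_HDR=4     # PPP address/control + protocol field (no ACFC/PFC)
TCP_HDR=20    # inner TCP header, used for the MSS value

# l2tp_mtu <wan_mtu>: largest inner IP packet that fits in one WAN frame.
l2tp_mtu() {
    echo $(( $1 - IPV4_HDR - UDP_HDR - L2TP_HDR - PPP_HDR ))
}

# tcp_mss <tunnel_mtu>: MSS to advertise/clamp for IPv4 TCP inside the tunnel.
tcp_mss() {
    echo $(( $1 - IPV4_HDR - TCP_HDR ))
}

# tunnel_mtu_fits <wan_mtu> <tunnel_mtu>: succeeds only if the configured
# tunnel MTU cannot produce fragments on the WAN side.
tunnel_mtu_fits() {
    [ "$2" -le "$(l2tp_mtu "$1")" ]
}

# probe_pmtu <target> [iface]: binary-search the path MTU with DF-set pings.
# Requires iputils ping (-M do); busybox ping does not support it.
probe_pmtu() {
    target=$1
    iface=${2:+-I $2}
    lo=500
    hi=1500
    while [ $((hi - lo)) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        # -s is the ICMP payload: total packet = payload + 20 (IPv4) + 8 (ICMP)
        if ping -c 1 -W 1 -M do $iface -s $((mid - 28)) "$target" >/dev/null 2>&1; then
            lo=$mid
        else
            hi=$mid
        fi
    done
    echo "$lo"
}

# Stand-alone run: show the numbers for a normal 1500-byte WAN and for the
# 1280-byte macvlan WAN described in the thread.
for wan in 1500 1280; do
    mtu=$(l2tp_mtu "$wan")
    printf 'wan_mtu=%s  tunnel_mtu<=%s  tcp_mss<=%s\n' "$wan" "$mtu" "$(tcp_mss "$mtu")"
done
tunnel_mtu_fits 1280 1428 || echo "tunnel mtu 1428 does not fit a 1280-byte WAN"
```

With a 1280-byte WAN the tunnel MTU comes out at 1240 and the MSS at 1200, which is below the 1428 in the posted config, so TCP segments sized for 1428 never fit once encapsulated. Rather than lowering the MTU on every client, OpenWrt's firewall can do the clamping centrally: `option mtu_fix '1'` on the zone that contains the VPN interface clamps TCP MSS to the path MTU for traffic leaving through it.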
