OpenConnect fragmentation issue

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi,

I have an odd issue here with OpenConnect VPN on the OpenWRT.
VPN Client works fine, it connects and it do the job, but it gets mad after certain volume of the traffic, as fast as the MTU max reaches out, it starts to drop the packets.

OpenConnect server ----------Internet-----------OpenWRT(OC_Client)---Lan(laptop)

tests have been done so far:
1-Test from OCServer to the WAN ip of the OpenWRT was on even with big ICMP sizes. Fragmentation is successfully done and also the assembly.
2-Ping test from OCserver to the VPN client IP address is successful but up the the MTU size, above that it fails.
3-Same result for ping from OCserv to the LAN ip address of the OpwnWRT.

I can do all sort of test if you need more investigation.

Just to say that I am completely positive that this is the MTU (frag./Assemb.) issue, because for example ssh also to the VPN Client works file up the the time that SSH doesn't have big output, but as fast as you read a big file or make a big output, it hags.

2

I ran into similar issues. Do you have a fix now?

3

https://openwrt.org/docs/guide-user/firewall/firewall_configuration?s=mtu_fix#options3

4

Thanks. I have enabled the MTU fix. Now the problem becomes: the uplink (client to server) speed is much lower than downlink (server to client). Using iperf, the uplink is less than 1/3 of the downlink. This only happens at the openwrt client. When I use iPhone's anyconnect to connect to the oc server. The up and downlink speed becomes almost the same.

Anyone has similar experience?

5

Ok. After I flash the latest firmware (OpenWrt SNAPSHOT r17102-918908fe76 / LuCI Master git-21.187.21474-0e4b4c5) and all the crypto hw acceleration libs, my r2s flies. My OpenConnect speed increase from 10Mbps to 86.9Mbps (my line speed is 100Mbps) !
This is around the same speed as iPhone connecting to the same ocserv, from same home network.