I have 2 OpenWrt routers running Chaos Calmer (r49389) on the same network, 192.168.2.0/24.

  • OpenConnect version v7.08.

  • ocserv 0.11.8 Compiled with: AnyConnect GnuTLS version: 3.4.15


Router VPN Server (192.168.2.119)

root@OpenWrt:~# cat /etc/config/ocserv

config ocserv 'config'
        option port '4443'
        option dpd '120'
        option max_clients '8'
        option max_same '2'
        option netmask '255.255.255.0'
        option ipaddr '192.168.3.0'
        option auth 'plain'
        option default_domain 'lan'
        option compression '1'
        option enable '1'

config ocservusers
        option name '<removed>'
        option password '<removed>'

config dns
        option ip '192.168.2.1'

config routes
        option ip '192.168.2.0'
        option netmask '255.255.255.0'

config ocserv 'config'
        option split_dns '1'

root@OpenWrt:~#

Router VPN Client (192.168.2.100)

root@OpenWrt:~# cat /etc/config/network

config interface 'vpn'
        option proto 'openconnect'
        option interface 'lan'
        option server 'OpenWrt'
        option port '4443'
        option username '<removed>'
        option password '<removed>'
        option authgroup 'DEFAULT'

The connection is established successfully!

Router VPN Server (192.168.2.119)

vpns0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.3.1  P-t-P:192.168.3.55  Mask:255.255.255.255
          UP POINTOPOINT RUNNING  MTU:1434  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:2566 (2.5 KiB)  TX bytes:2566 (2.5 KiB)

Router VPN Client (192.168.2.100)

vpn-vpn   Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.3.55  P-t-P:192.168.3.55  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1406  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

The problem is that only pings with a size of less than 228 bytes get a reply!

root@OpenWrt:/# ping 192.168.3.1 -s 229
PING 192.168.3.1 (192.168.3.1): 229 data bytes
^C
--- 192.168.3.1 ping statistics ---
6 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:/# ping 192.168.3.1 -s 228
PING 192.168.3.1 (192.168.3.1): 228 data bytes
236 bytes from 192.168.3.1: seq=0 ttl=64 time=1.590 ms
236 bytes from 192.168.3.1: seq=1 ttl=64 time=1.393 ms
236 bytes from 192.168.3.1: seq=2 ttl=64 time=1.363 ms
236 bytes from 192.168.3.1: seq=3 ttl=64 time=1.354 ms
^C
--- 192.168.3.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 1.354/1.425/1.590 ms

If you set the MTU size to 228 on both the server interface vpns0 and the client interface vpn-vpn, every ping size gets a reply!
The problem came up because I tried, unsuccessfully, to open an SSH connection over the VPN.

What could be the problem?
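A diagnostic script for the symptom described above, added here as an example and not part of the original post: it binary-searches the largest ICMP payload that still gets a reply over the tunnel and converts it into the link MTU it implies (payload + 8-byte ICMP header + 20-byte IPv4 header). It assumes a BusyBox or iputils ping that accepts -c, -W and -s, and takes the VPN server address (192.168.3.1 in the post) as its argument.

```shell
#!/bin/sh
# Find the largest ICMP payload that gets a reply, then report the MTU it
# implies. Added example, not from the original post. Assumes ping accepts
# -c (count), -W (reply timeout in seconds) and -s (payload size).

# probe_ping SIZE HOST: send one ping with a SIZE-byte payload, 1 s timeout.
probe_ping() {
    ping -c 1 -W 1 -s "$1" "$2" >/dev/null 2>&1
}

# find_max_payload LO HI PROBE HOST: largest SIZE in [LO, HI] for which
# "PROBE SIZE HOST" succeeds. Assumes success is monotonic in SIZE, which
# holds for an MTU limit: once a size fails, every larger size fails too.
# Prints -1 when even LO fails.
find_max_payload() {
    lo=$1; hi=$2; probe=$3; host=$4; best=-1
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$probe" "$mid" "$host"; then
            best=$mid; lo=$((mid + 1))
        else
            hi=$((mid - 1))
        fi
    done
    printf '%s\n' "$best"
}

# implied_mtu PAYLOAD: IPv4 packet size carrying that ICMP echo payload.
implied_mtu() {
    printf '%s\n' $(( $1 + 8 + 20 ))
}

# Usage: ./probe_mtu.sh 192.168.3.1
if [ -n "$1" ]; then
    max=$(find_max_payload 0 1472 probe_ping "$1")
    echo "largest working payload: $max bytes (implied MTU $(implied_mtu "$max"))"
fi
```

Comparing the implied MTU with the MTU shown by ifconfig on vpns0 and vpn-vpn tells you whether the tunnel interfaces are advertising a larger MTU than the path can actually carry.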