Closed tieu1991 closed 1 year ago
Check your MTU - the VPN config has a pretty low value (1320). It would be worth forcing MSS: MSS_CLAMPING_IPV4="1280" (MSS is always MTU-40, for IPv4).
Btw, I'm not totally sure if this will work when your source is an IP range. Because those IPs are on a network interface which probably has a MTU=1500. That means if you're doing a big upload, your source packets might be bigger than can fit in the VPN tunnel. If what I said above doesn't work, create a new VLAN, give it a MTU of 1320, and change FORCED_SOURCE_IPV4 to be the VLAN bridge interface in FORCED_SOURCE_INTERFACE.
Alternatively, you can configure every client machine to have a lower MTU, but that's kinda annoying. ;-)
I tried the MSS clamping in vpn.conf and the UDM config but it doesn't seem to work. But it still doesn't explain why the devices on the subnet 192.168.3.0/24 have no issue but 192.168.1.200 has an issue.
Hi @tieu1991,
On your 192.168.1.0/24 network in your Unifi Network -> Networks settings, do you have any Content filtering enabled, or Network isolation, or any custom Traffic Rules for this network/device under Unifi Network -> Traffic Management? Also, under Unifi Network -> Firewall & Security, do you have any Ad blocking or country restrictions enabled?
Also, if you are using WiFi on this device, do your WiFi settings have any Client Device Isolation or Hotspot Portal enabled?
Thank you very much @peacey,
It was the Ad blocking in the firewall section. Everything works now.
I've been using this for a few months with Mullvad without a problem. Now I'm trying out AirVPN with the same configuration I used with Mullvad. The only things I changed are DNS_IPV4_IP, ROUTE_TABLE, MARK, PREFIX, PREF, DEV. AirVPN seems to be working on other VLANs (192.168.2.0/24 and 192.168.3.0/24). But if I force a device on the default VLAN (192.168.1.0/24), all DNS queries fail on this device. I can't figure out why this happens.
Here is my vpn.conf :
Here is my airvpn.conf :