2

I have a very strange problem after I moved apartments. I'm working remotely from Japan using an OpenVPN connection and connect to my work computer via Remote Desktop. I recently moved apartments. In the old apartment everything works perfectly fine. And right now, when I'm using my mobile data everything works fine. But when I'm using my new internet, I have very strange problems:

The VPN connection is successfully created and I can connect via Remote Desktop. Until yesterday, this part worked without any problems. Since today, I will lose connection to Remote Desktop after about 1 minute. Always without exception. This is when using the Parallels Remote Desktop Client. When using the Windows Remote Desktop Client, I can't connect at all.

I cannot connect to any internal websites of my company from my host computer. I can ping and traceroute them and it looks fine.

But when I make a hotspot with my phone and use the local data, everything works perfectly fine.

The apartment has a wall-embedded Ruijie AP180-AC Router. I tried switching between AP mode and router mode, but it makes no difference.

I would really appreciate any help because I do not have the slightest idea what is going on here. Seems like a very strange behaviour to me, but also my networking knowledge is very limited.

10
  • 2
    Try lowering MTU on the VPN link. Also check for packet loss. What protocol does your OpenVPN connection use, TCP or UDP?
    – Daniel B
    Commented Feb 28 at 12:12
  • @DanielB omg thank you so much it was actually the MTU size!
    – Leddy Gee
    Commented Feb 28 at 12:31
  • @DanielB I know it fixed the OP's issue, but why would the MTU size matter with OpenVPN, as high MTU values [48000] are recommended for OpenVPN for optimal throughput (you don't want MTUs ~1400 with OpenVPN, as it really hampers throughput). Would it be an issue because the OpenVPN server isn't being run on the router and is instead being run on a downstream machine?
    – JW0914
    Commented Feb 28 at 12:50
  • @JW0914 Check this Q/A on Network Engineering SE. IP fragmentation is bad and should be avoided. On a WAN network even “at all costs”. Not sure what a large OpenVPN MTU is supposed to accomplish, but I guess reliability over high-latency WAN, possibly with packet loss, isn’t it. // Unfortunately, because OP did not provide the protocol type, an exhaustive answer isn’t possible.
    – Daniel B
    Commented Feb 28 at 13:35
  • 1
    @DanielB, since the comment fixed the issue, why not expand on it (as was done in comments) and make it an answer that can help others? (You might show directions for optimizing MTU size.) Commented Feb 28 at 17:00

1 Answer

2

When you experience mysterious network problems (some things work, others don’t, stuff starts and stops working seemingly at random, connections randomly fail), the problem is often with (heavy) packet loss. Fragmented IP packets are a potential contributing factor to packet loss. To not have fragmented packets, the MTU must be lowered.

This also applies to some VPN tunnels, like OpenVPN. Because your tunnel is UDP-based, the tunnel connection cannot recover from lost packets. The packet loss also manifests inside the tunnel. Some software reacts poorly to packet loss.

With OpenVPN, there are multiple ways to address this, all of which go into the client configuration file:

  • Use either link-mtu 1300 or tun-mtu 1300 (but not both) to explicitly lower the MTU
  • Use mtu-disc yes to enable Path MTU Discovery, but this apparently only works on Linux
  • Use mtu-test to enable a different MTU discovery mechanism that may work on all operating systems but takes a long time
  • Use fragment 1300 to have OpenVPN do fragmentation internally

Furthermore, mssfix 1300 could be used to make tunneled TCP connections behave, but that’s just a performance optimization.

Selecting a limit that is too low for any of these options could seriously affect throughput inside the tunnel. The OpenVPN manual suggests 1300 as a starting point when experiencing issues.


You can read some more about IP fragmentation on this Q/A over at Network Engineering.


You should still check your regular internet connection for notable packet loss. A few percent are tolerable, but once it gets to 10-20% or even higher, it becomes very annoying. If you experience excessive packet loss, there could be a bad connection somewhere. With DSL, this could be bad/old in-house telephone wiring. Cable is also sensitive to this, plus stuff like impedance mismatch, missing termination or bad signal amplifiers.
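The answer above uses 1300 as a starting value. As an added example (not part of the original answer or of OpenVPN itself), the following sketch measures the largest unfragmented IPv4 packet to the VPN server by binary search with Don't Fragment pings and derives a value for `fragment` and `mssfix` from it. It assumes Linux iputils `ping`, an IPv4 path, a server that answers ICMP echo, and that the un-suffixed `fragment`/`mssfix` value counts the UDP payload without the IP and UDP headers; `vpn.example.com` is a placeholder.

```python
import subprocess

IPV4_HEADER = 20  # bytes, IPv4 header without options
ICMP_HEADER = 8   # bytes, ICMP echo header
UDP_HEADER = 8    # bytes

def ping_df(host, payload):
    """Send one Linux iputils ping with Don't Fragment set (-M do) and the
    given ICMP payload size (-s). Returns True if a reply came back."""
    cmd = ["ping", "-M", "do", "-c", "1", "-W", "2", "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0

def find_path_mtu(probe, low=576, high=1500):
    """Binary-search the largest IPv4 packet size (headers included) that
    passes unfragmented. probe(payload) -> bool. Returns None when even the
    smallest probe fails, e.g. because ICMP is filtered on the path."""
    overhead = IPV4_HEADER + ICMP_HEADER
    if not probe(low - overhead):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid - overhead):
            low = mid        # mid fits, search upwards
        else:
            high = mid - 1   # mid is too big, search downwards
    return low

def openvpn_limits(path_mtu):
    """Client config lines whose limit keeps each encapsulated UDP datagram
    within the measured path MTU (assumption: the value excludes the IP and
    UDP headers, so both are subtracted here)."""
    budget = path_mtu - IPV4_HEADER - UDP_HEADER
    return [f"fragment {budget}", f"mssfix {budget}"]

if __name__ == "__main__":
    # Constructed stand-in for a link whose real path MTU is 1454 bytes.
    simulated = lambda payload: payload + IPV4_HEADER + ICMP_HEADER <= 1454
    mtu = find_path_mtu(simulated)
    print(mtu, openvpn_limits(mtu))
    # Real measurement (placeholder host name):
    # find_path_mtu(lambda n: ping_df("vpn.example.com", n))
```

A result of `None` means the probe itself is not getting through, so no value should be derived from it.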
