A few months ago, I had to use my company´s VPN in HomeOffice. At that time, I had a DS-Lite internet connection (4in6 tunneling).
For some reason, I was almost unable to work because primarily stuff, that would cause large package sizes (git push/pull, file transfer, etc.) would not work.
I went through long troubleshooting sessions with our IT-Department (I´m a software dev, but our IT-Department does most of the Ops stuff), but we didn´t find a solution.
After a few weeks, I found an article, that stated the IPv6 header size was a problem because the VPN didn´t account for that. It said, that the VPN expected a 20-byte IPv4 header instead of a 40-byte IPv6 header, which was used in the 4in6 tunneling step of my connection.
It also said, that because of this overhead, a few bytes of packet content would just be dropped, therefore making the packet invalid.
The solution was lowering the MTU of my tunnel interface to account for that overhead.
My problem is, that I don´t fully understand this behavior. In all my networking classes, I learned, that too large packets would just be split and receive a part number so that they can be reassembled in the right order. I never heard of packet content being just "cut off".
Can anyone explain this behavior to me?
Some of my colleagues had the same problems, and for now it´s just lowering the MTU and that´s it. But no one really understood why those packets won´t just get split.
Cheers and thanks in advance
No comments:
Post a Comment