[Samba] Samba over bridged ethernet VPN

Wes Deviers wdevie at hrcsb.org
Mon Sep 29 20:45:38 GMT 2008 

On Monday 29 September 2008 12:33:33 Daniel Bye wrote:
> Hi all,
>
> I have Samba 3.0.32 on FreeBSD-7-RELEASE, set up to act as a very simple
> workgroup file server (i.e., no domain or anything fancy like that). It
> is the latest version of Samba available in ports.
>
> I am seeing timeouts and connection reset errors in my per-client logs such
> as the following. For clients on the local LAN, the errors don't cause any
> real problems. However, for remote clients connected over OpenVPN in
> bridged Ethernet mode over cheap domestic ADSL lines, they result in the
> clients being unable to open or otherwise manipulate files on the server.

SNIP

>
> This client machine is running WinXP Pro, but we are seeing the same for
> WinXP Home, Vista HP, FreeBSD and Linux-based clients. I have found several
> references to the same problem in numerous mailing list archives and bug
> reports around the web, but none of them seems to have a definite fix.
> Anyone know of anything I can try here?
>
> Thanks for any help or insights you can offer...
>
> Dan

Dan,

I've had problems similar to this with OpenVPN when path MTU discovery was 
broken.  In theory it should never break, but there have been a few times when 
I've had to tweak it by hand.  The general theory, if you're unfamiliar, is 
that different networking media have different Maximum Transmission Units (MTU) 
which is the largest size an L2 chunk can be and still be transported.  In 
Ethernet, it's typically 1500 bytes (+ some overhead, the actual max is 1514).  

Your OVPN link is probably using 1500 as well.  But OpenVPN wraps some header 
information around the Ethernet frame to deliver it correctly; what can happen 
is that the payload size can be larger that 1500 on the VPN link, forcing the 
entire frame to be dropped.

A quick way to diagnose this..if you ssh and do commands with minimal output, 
it will work fine.  If you do a huge directory listing, it will spaz and die 
(because you go from small to large packets).

Have you seen anything like that?  Can you give us a quick breakdown of how 
the routing looks between sites?

Wes

More information about the samba mailing list