Posted: Thu Jun 10, 2010 19:39 Post subject: VPN (PPTP) -- Certain websites always timeout (yahoo, digg)
I'm running v24-sp2 (02/23/10) mega (SVN revision 13972) on a WRT54GS v1.1. I've set up a VPN using PPTP, for the purpose of allowing relatives in China to browse restricted websites (I'm in the U.S.).
Connecting via the standard Windows client, everything appears to run smoothly, except that certain websites, notably www.yahoo.com and www.digg.com will not load--the browser just spins its wheels.
Connecting locally to the router, there's no problem accessing any site. But we've tested the VPN both from China and right here in the U.S. and the same sites won't load. Oddly, sub-sites like sports.yahoo.com are fine. Digg actually manages to get as far as loading the favicon but then hangs. I'm posting this over the VPN connection right now.
I've tried configuring the PPTP server to reside on a different IP address from the router, forwarding VPN port traffic, and removing the OpenDNS servers I had set up statically in the router. There is no problem running a ping or traceroute on www.yahoo.com.
Any suggestions? I feel like the router is accessing the sites but not relaying the traffic for some reason.
It's likely an MTU problem. Try lowering the tunnel's MTU size, maybe manually set your WAN MTU, and if neither helps then also add this to the end of your firewall script on the admin->commands page (you might have to echo it to /tmp/pptpd_client/ip-up instead):
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Sorry to bump an old thread, but this fixed my problem!!! I have a VPN that defaulted to MTU 1500, and Facebook etc. would load but sites like microcenter.com and digg.com would not load. I changed the MTU to 1384 with:
netsh interface ipv4 set subinterface "VPN" mtu=1384 store=persistent
I had to set my MTU on my PPTP connection all the way down to 1278. Anything higher and my packets were fragmented.
It does make a difference and the connection is much smoother.
I'm connecting from China to a personal VPN router in the US.
I'm guessing most people with a similar situation will get similar results.
The trick is to set the MTU in the command line interface only for the VPN connection, not for the direct connection you're making to the local router or the remote router. Those MTU settings will be dependent on the local connections such as DSL or cable. You need to have the VPN established and running while you do this.
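The posts above arrive at a working MTU by trial and error. As an added example (not written by any poster in this thread), the script below binary-searches the largest ICMP payload that crosses the established tunnel with Don't Fragment set, then derives the MTU and the TCP MSS from it. It assumes Linux iputils `ping` (`-M do`); the function names and the simulated 1384-byte path are constructed for illustration.

```sh
#!/bin/sh
# Added example: find the largest unfragmented packet through a VPN tunnel.

# probe_df SIZE HOST: succeeds if a DF-flagged echo with SIZE payload bytes
# is answered. Assumes Linux iputils ping; on Windows the equivalent probe
# is: ping -f -l SIZE HOST
probe_df() {
    ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1
}

# find_max_payload PROBE HOST [LO] [HI]
# PROBE is any command taking "SIZE HOST". Prints the largest SIZE in
# LO..HI that passes; returns 1 if even LO fails (host down or filtered).
find_max_payload() {
    probe=$1 host=$2 lo=${3:-500} hi=${4:-1472}
    "$probe" "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$mid" "$host"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# ICMP payload + 20 (IPv4 header) + 8 (ICMP header) = MTU
payload_to_mtu() { echo $(( $1 + 28 )); }

# MTU - 20 (IPv4 header) - 20 (TCP header without options) = MSS
mtu_to_mss() { echo $(( $1 - 40 )); }

# Constructed stand-in for a path whose MTU is 1384, so the script can be
# tried offline. It is not a real measurement.
fake_probe_1384() { [ $(( $1 + 28 )) -le 1384 ]; }

main() {
    host=${1:-}
    if [ -n "$host" ]; then probe=probe_df
    else probe=fake_probe_1384; host=simulated; fi
    payload=$(find_max_payload "$probe" "$host") || {
        echo "no reply at the minimum size; check that the tunnel is up" >&2
        return 1
    }
    mtu=$(payload_to_mtu "$payload")
    echo "max DF payload=$payload MTU=$mtu TCP MSS=$(mtu_to_mss "$mtu")"
}

main "$@"
```

Run it with the VPN connected, passing a host that is reached through the tunnel; with no argument it uses the simulated path.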