OSX: PPTP VPN networking problem solved with custom MTU

I had an interesting complaint the other day – a customer experienced connectivity problems when trying to access some web sites over a PPTP VPN connection. The VPN server was running on Linux and was also under our control, so troubleshooting the situation was pretty easy. None of the MS Windows based clients had this problem, only the OSX based clients.
I had a hunch that the problem was MTU based.
There is an old story about MSN Messenger failing to work over PPTP VPN unless your MTU was set lower than the default 1500 (related to TCP fragmentation rejection as a “security measure”); we had to configure it to 1400 in /etc/ppp/ip-up.local, which is executed by the pppd daemon after bringing up the connection.

This modification was working fine for everybody except OSX based clients. Why?
Here is the explanation:
[Screenshot: osx1]

See the highlighted number? It turns out that OSX “knows better” – it does not accept the MTU size from the server and sets some predefined value under 1500. A pretty obscure value too – something like 1500 – header(PPP + LCP + IP).

In our situation the solution was obvious – set the VPN server MTU to 1444 by modifying /etc/ppp/ip-up.local.

After restarting the OSX VPN connection all connectivity problems disappeared. If you have an MS Windows based PPTP VPN server, please refer to the following page.

The situation is quite different if you don’t have control over the VPN server. If it is absolutely necessary, you can adjust the MTU size on your OSX laptop, but it is a rather intrusive operation and could render your laptop’s OS installation unusable. You have been warned – proceed with extreme caution.
In this situation you will first have to use a Windows PC to connect to the PPTP VPN and find out the proper MTU size.
Then configure and start the PPTP VPN on your OSX machine, open a Terminal window and check for the UUID of the running pppd daemon process.

[Screenshot: osx2]
The selected text is the process UUID – please note it down for further use.
The next step is to adjust this PPTP connection’s properties. For that you will have to edit a system configuration file. PLEASE make a backup copy first.
In the same terminal enter the command
[Screenshot: osx3]

It will ask you for your user password and jump to the line with the 2nd highlighted section (part of the process UUID from the previous command). Scroll down to the VerboseLogging key and then add 2 lines (let’s assume we need to set the MTU to 1400, as in the initial example). At the end you will have the following section added to the preferences file:

[Screenshot: osx4]

For this configuration to take effect you will need to reboot your OSX laptop.

Congratulations – now you have set custom PPTP VPN MTU on OSX. Happy networking.


Sysadmin: How to install latest ffmpeg on Centos

I had a request to install the latest ffmpeg on one of our CentOS 5 servers the other day. Since I’m trying to stick to proper package management, I had to look for the most recent ffmpeg RPM package on the pkgs.org site. As in most cases, the search pointed me towards the atrpms.net repository. Pkgs.org contains pretty detailed instructions on how to add the repository that contains the package you require, but unfortunately it was not all that straightforward with atrpms.net.

Sysadmin: “[warn-phpd] mmap cache can’t open file … ” mystery solved


Yesterday I was asked by one of our old customers to help solve a very interesting problem – he put some PHP files outside of the Apache DocumentRoot on his server and Apache could not access the files, writing very interesting lines to the default Apache error_log.

Sysadmin: How to make use of apache web server mod_expires to improve performance

Most modern Linux distributions include the Apache 2.x web server with a set of standard modules. One of these modules is mod_expires, which lets you configure content expiration in the local browser cache or caching proxies. Proper configuration of it can significantly improve overall server performance and reduce bandwidth consumption.

Sysadmin: How to force fsck on reboot on single filesystem on Linux

Recently I faced a problem with a server where the /usr filesystem got an error and was switched to read-only. Otherwise the server was fine and I wanted to force fsck on just this filesystem, avoiding the rest (the 500gb /home filesystem would keep the server down for a long time, which is the complete opposite of my goal).

How to use BFD tool to block WordPress brute force attacks

I have written earlier about BFD, an excellent and lightweight tool (unlike fail2ban, which is more popular but too resource consuming and dependent on 3rd party tools). This tool is actually a set of bash scripts that look for known patterns in the logs and execute actions against offending IPs based on the configuration. It is little known that it’s also modular and lets you extend its behavior by writing custom rules to assist with more uncommon situations.

I’ve also written about the widespread WordPress brute force attacks that target the wp-login.php script. The solution I offered there takes care of a single WordPress site. It gets more difficult to mitigate the attack when you have multiple servers with multiple WordPress sites, so I decided to come up with a more general approach.

Sysadmin: How to delete specific messages from postfix queue

In case your server’s mail queue is full of messages you want to delete, most of the instructions found via Google are not correct – there is no mailq for postfix anymore.

PHP Catchable fatal error: Object of class Savant2_Error could not be converted to string

This was the tale of my last couple of days. One of our long time customers was moving a bunch of web sites from various web hosting providers to her dedicated server.
As usual there were all kinds of kinks and problems during her attempts to reconfigure her web sites. Some of her sites use the Savant template system and were showing unusual behavior – a request to the front page returned status 500 (server error), and while the content was displayed, its design was altered. Unable to figure out the problem, she asked for help.

Centos: How to run multiple mysql instances on a single server

There are plenty of instructions on how to run multiple mysql instances on a single server on various blogs. Most of them are based on the original mysql rpm package produced by Oracle (nowadays). In my opinion this could be unnecessary overhead when you have an OS-provided mysql server package and all you need to do to configure another instance is slightly modify the bundled configuration and init.d script.

Sysadmin: how to configure nginx for Jelix PHP framework

I had to migrate a web application written using the Jelix PHP framework to the nginx web server, and I had a problem with Jelix URLs that look like http://domain.com/site/script.php/arg1/arg2/arg3. Originally Jelix requires “Options +MultiViews” and “AcceptPathInfo on” in the Apache config, neither of which is available on nginx. It took a while to find a proper solution.