OSX: PPTP VPN networking problem solved with custom MTU

Posted by on 05/15/2015 Leave a comment (0) Go to comments

osx0
I had an interesting complain the other day – customer experienced connectivity problems trying to access some web sites while on PPTP VPN connection. The VPN server was running on Linux and also under our control so troubleshooting the situation was pretty easy. All MS Windows based clients didn’t have this problem, only OSX based clients.

I had a hunch that the problem is MTU based.
There is an old story related to the MSN messenger failing to work over PPTP VPN unless your MTU was set less then default 1500 (related to TCP fragmentation rejection as the “security measure”), we had to configure it to 1400 in /etc/ppp/ip-up.local that is executed by pppd daemon after bringing up the connection

This modification was working fine for everybody except OSX based clients. Why?
Here is the explanation
osx1

 

 

See the highlighted number? It turns out that OSX “knows better” – it does not accept MTU size from the server and sets some predefined value under 1500. Pretty obscure value too – something like 1500 – header(PPP +LCP + IP).

In our situation the solution was obvious – set VPN server MTU to 1444 by modifying /etc/ppp/ip-up.local

After restarting OSX VPN connection all connectivity problems disappeared. If you have MS Windows based PPTP VPN server please refer to following page

The situation is quite different if you don’t have control over the VPN server. If it is absolutely necessary you can adjust your OSX laptop MTU size but it is rather intrusive operation and could render your laptop OS installation unusable. You have been warned – proceed with extreme caution.
In this situation you will have to use Windows PC first to connect PPTP VPN and find out the proper MTU size.
Then configure and start PPTP VPN on your OSX, open Terminal window and check for the running pppd daemon process UUID.

osx2
Selected is the process UUID – please mark it down for further use.
Next step would be to adjust this PPTP connection properties. For that you will have to edit system configuration file. PLEASE, make a backup copy first.
In the same terminal enter the command
osx3

 

it will ask you for your user password and jump to the line with 2nd highlighted section (part of the process UUID from the previous command). Scroll down to the VerboseLogging key and then add 2 lines (lets assume we need to set MTU to 1400 we have used in the initial example). At the end you will have the following added section of the preferences file

osx4

 

 

 

 

 

 

For this configuration to take effect you will need to reboot your OSX laptop.

Congratulations – now you have set custom PPTP VPN MTU on OSX. Happy networking.

Related posts:

  1. VPN from Vmware Guest OS on windows 7
  2. Sysadmin: “[warn-phpd] mmap cache can’t open file … ” mystery solved
  3. Register any browser as Windows7 default (including portable)
Apple, network, Software, Sysadmin, , ,

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">