Reply To: ZS version 3.3.x breaks internet access through PPTP VPN

Home Page Forums Network Management Signal a BUG ZS version 3.3.x breaks internet access through PPTP VPN Reply To: ZS version 3.3.x breaks internet access through PPTP VPN

#53703

onega
Member

small MTU broke packets,
in version 3.7.1 only 40-50% sites work fine (for pptp clients), another sites not work. And for openvpn mobile client, 50% sites not work if encryption enabled (in my network).

3 way to resolve problem:

1)script in zeroshell sheduler, every 1 min:
iptables -t mangle -I FORWARD -p tcp –tcp-flags SYN,RST SYN -j TCPMSS –clamp-mss-to-pmtu

2) decrease MTU for zeroshell LANWAN and client computers:
https://www.zeroshell.org/forum/viewtopic.php?t=4282

3) disable MPPE encryption for PPTPl2tp:
http://www.zeroshell.net/listing/pptp_vpn.pdf
config example in page №3, need disable/enable some settings, and sites will be work fine.