Over the past few weeks I have been having issues browsing websites when connected to OpenVPN connection on my Airtel Fibernet connection. The interesting thing was that the same settings/vpn worked fine when I connected to my ACT connection instead of Airtel. So I knew it wasn’t an issue on the VPN side, it was something to do with how Airtel was configured and it was really annoying me. So, over the weekend I decided to spend some focused time to fix this issue and finally managed to fix the issue.
Symptoms:
- The VPN Connection would connect without errors.
- No error messages in logs
- When trying to access websites, it would just wait for the website to respond. (Initially thought it was a SSL issue but hit the same issue with http)
- Putting the system in the DMZ didn’t work
- Manually configuring the Routes to match the Route when connected to ACT didn’t work either
- Traceroute worked fine though
Curl in verbose mode would giving me the following and then it would just sit there waiting for a response:
suramya@StarKnight:~/Media/Downloads$ curl -vvv www.google.com
02:43:17.786482 [0-x] == Info: [READ] client_reset, clear readers
02:43:18.370318 [0-0] == Info: Host www.google.com:80 was resolved.
02:43:18.370467 [0-0] == Info: IPv6: 2607:f8b0:4005:80d::2004
02:43:18.370566 [0-0] == Info: IPv4: 142.250.189.164
02:43:18.370624 [0-0] == Info: [SETUP] added
02:43:18.370723 [0-0] == Info: Trying [2607:f8b0:4005:80d::2004]:80…
02:43:18.370951 [0-0] == Info: Immediate connect fail for 2607:f8b0:4005:80d::2004: Network is unreachable
02:43:18.371175 [0-0] == Info: Trying 142.250.189.164:80…
02:43:18.371332 [0-0] == Info: [SETUP] Curl_conn_connect(block=0) -> 0, done=0
02:43:18.544635 [0-0] == Info: [SETUP] Curl_conn_connect(block=0) -> 0, done=0
02:43:18.570870 [0-0] == Info: [SETUP] Curl_conn_connect(block=0) -> 0, done=0
02:43:18.699887 [0-0] == Info: [SETUP] Curl_conn_connect(block=0) -> 0, done=1
02:43:18.700062 [0-0] == Info: Connected to www.google.com (142.250.189.164) port 80
02:43:18.700228 [0-0] == Info: using HTTP/1.x
02:43:18.700338 [0-0] => Send header, 82 bytes (0x52)
0000: GET / HTTP/1.1
0010: Host: www.google.com
0026: User-Agent: curl/8.13.0-rc2
0043: Accept: */*
0050:
02:43:18.700663 [0-0] == Info: Request completely sent off
Then suddenly just to try something different I tried accessing one of my servers over SSH and surprisingly that worked without issues (The connection was a bit slow, but it worked). That showed me that the issue was only for sites over http/https.
I searched the web for solutions and found the following site Setting correct MTU where they were troubleshooting a similar issue. The site suggested adding the following lines to the Client Configuration and I thought I might as well give it a try since nothing else had worked.
tun-mtu 1492 mssfix 1400
I added the lines, restarted the connection and viola all sites started loading even when connected over the VPN. (Yay!) Turns out Airtel needs a higher MTU value than the default for the VPN to work.
– Suramya