MTU
----

Debugging network issues related to MTU can be tricky.

When encountering weird connectivity issues through VPN, the probability is high that it's a MTU issue.

Check configured MTU size::

  ifconfig | grep eth0 | grep -o "mtu.*"
  # or 
  ip addr | grep "mtu [0-9]*"

Send these ping commands to check the MTU size by changing the packet size (`-s` parameter)

:: 

  ping -M do -s 1300 example.com
  ping -M do -s 1400 example.com
  ping -M do -s 1500 example.com

In case it's a MTU issue, you'll see:
1. First ping commands with small values are working

::

  $ ping -M do -s 1300 example.com   
  PING example.com (93.184.216.34) 1300(1328) bytes of data.
  1308 bytes from 93.184.216.34 (93.184.216.34): icmp_seq=1 ttl=55 time=361 ms
  1308 bytes from 93.184.216.34 (93.184.216.34): icmp_seq=2 ttl=55 time=180 ms
  ^C
  --- example.com ping statistics ---
  2 packets transmitted, 2 received, 0% packet loss, time 3ms
  rtt min/avg/max/mdev = 179.919/270.407/360.896/90.489 ms

2. Then pings are failing with no answer: this is the window where we are in the MTU issue

::

  $ ping -M do -s 1380 example.com
  PING example.com (93.184.216.34) 1380(1408) bytes of data.
  ^C
  --- example.com ping statistics ---
  5 packets transmitted, 0 received, 100% packet loss, time 129ms

3. Finally when the size gets bigger, we see MTU error messages.

::

  $ ping -M do -s 1420 example.com 
  PING example.com (93.184.216.34) 1420(1448) bytes of data.
  ping: local error: Message too long, mtu=1412
  ^C
  --- example.com ping statistics ---
  1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms


Solution
~~~~~~~~~

`iptables` can be used to setup a workaround, by automatically sending a lower MTU on TCP connection estalishment:

::

  sudo iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --set-mss 1300