Solution for building a PPTP VPN proxy on CentOS
Problem:
On Linux, a VPN server is built with PPTP. After dialing in, downloading files from the intranet FTP server is extremely slow. When the PPTP server is used as a gateway for accessing the Internet, most websites load extremely slowly and are almost inaccessible.
Solution:
In the *filter table of iptables on the Linux server where PPTP runs, add:
-I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356
Or run the following command:
/sbin/iptables -I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356
Cause analysis:
===== When the VPN is disconnected:
In Windows XP, run ping -f -l XXXXXX 192.168.0.1 to test step by step (XXXXXX is the MTU size; reduce it gradually from 1500 until the ping succeeds).
We can see that the largest MTU that can be pinged is 1426.
===== When the VPN is connected:
In Windows XP, run ping -f -l XXXXXX 192.168.0.1 to test step by step (XXXXXX is the MTU size; reduce it gradually from 1500 until the ping succeeds).
We find that the largest MTU that can be pinged is 1372;
anything larger than this does not get through.
==== Dial the VPN and use netstat -i to view the interfaces on the server:
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR Flg
eth0 1500 0 102528561 0 0 194391413 0 0 0 BRU
eth1 1500 0 519820535 954 11553 924 0 0 0 BRU
lo 16436 0 151062 0 0 151062 0 0 0 LRU
ppp0 1396 0 19 0 0 0 8 0 0 0 OPRU
We can see that the maximum MTU of ppp is 1396, so the corresponding MSS should be MTU - 20-byte IP header - 20-byte TCP header = 1356.
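
The calculation above as a script (an added example, not part of the original article): it reads the MTU of the ppp interfaces on the server and prints the matching rule line for the *filter table. The SYSFS_NET variable and the function names are assumptions of this example; 20-byte IPv4 and TCP headers without options are assumed, as in the article.

```shell
#!/bin/sh
# Added example: derive the TCPMSS clamp value from the live ppp MTU.
# SYSFS_NET is an assumption of this sketch so the lookup can be pointed
# at a test directory; on a real server it is /sys/class/net.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print the smallest MTU among ppp* interfaces; return 1 if none exist.
min_ppp_mtu() {
    min=""
    for f in "$SYSFS_NET"/ppp*/mtu; do
        [ -r "$f" ] || continue            # unmatched glob or unreadable file
        mtu=$(cat "$f")
        case "$mtu" in ''|*[!0-9]*) continue ;; esac   # skip non-numeric
        if [ -z "$min" ] || [ "$mtu" -lt "$min" ]; then min="$mtu"; fi
    done
    [ -n "$min" ] || return 1
    echo "$min"
}

# MSS = MTU - 20 (IPv4 header) - 20 (TCP header).
mss_for_mtu() {
    [ "$1" -gt 40 ] 2>/dev/null || return 1   # reject junk and tiny MTUs
    echo $(( $1 - 40 ))
}

# Emit the rule line in the form the article adds to the *filter table.
ppp_mss_rule() {
    mtu=$(min_ppp_mtu) || return 1
    mss=$(mss_for_mtu "$mtu") || return 1
    echo "-I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss $mss"
}

# With no client dialed in there is no ppp interface, so report that
# instead of printing a rule with a guessed value.
ppp_mss_rule || echo "no ppp interface found under $SYSFS_NET" >&2
```

Run it while a client is dialed in, so that ppp0 exists; prefix the printed line with /sbin/iptables to apply it immediately.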