Why does my MSS get set to 60 on my OpenVPN network?

I have an OpenVPN connection to a plant, where the MSS size on an FTP file transfer gets set to 60 for some reason.

One interesting thing is that two devices on this network react differently to this request. The Windows 10 PC sets the MSS to 536 and the PLC sets it to 60 as requested. Which one is right?

Why does it get set to 60 in general?

https://www.dropbox.com/s/umo8apbyqy5...

Michael Uray asked 2019-01-26 02:48:21 +0000

1 Answer

The minimum datagram size of an IPv4 datagram that gets sent unfragmented is 576 bytes.

With 20 bytes IP and 20 bytes TCP header (assuming no options being used in either) the resulting MSS is 536. Therefore I would say a TCP SYN packet with the don't-fragment bit on in the IP header offering an MSS of 60 is not valid and the Windows server is correct in ignoring this proposal and sending segments with an MSS size of 536.

After all, this is a file transfer session and sending tiny 60-byte chunks would not help achieve an acceptable throughput.

Why is it set to 60 in general?

I think this is done at the entry into the VPN tunnel when the incoming MSS is being 'adjusted' based on the available MTU size in the tunnel. Seeing a 60 suggests that you have an MTU size of 100 bytes 'defined' in the tunnel ...
Tracing at the clients will probably show a much higher value in the TCP MSS option.

Regards Matthias

mrEEde answered 2019-01-27 14:12:04 +0000
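To check a capture for the condition discussed in the answer above, the following added example (not part of the original thread) parses a raw IPv4/TCP SYN, extracts the DF bit and the MSS option, and derives the MTU that the MSS implies. The helper names `parse_syn` and `build_syn`, the addresses and the sample packet are constructed for illustration.

```python
import struct

DEFAULT_MSS = 576 - 20 - 20  # 536: the 576-byte datagram minus IP and TCP headers

def parse_syn(packet: bytes) -> dict:
    """Extract the DF bit and MSS option from a raw IPv4/TCP SYN (hypothetical helper)."""
    if packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (packet[0] & 0x0F) * 4
    df = bool(struct.unpack_from("!H", packet, 6)[0] & 0x4000)
    tcp = packet[ihl:]
    if not tcp[13] & 0x02:
        raise ValueError("the MSS option only appears in SYN segments")
    options = tcp[20:(tcp[12] >> 4) * 4]
    mss, i = None, 0
    while i < len(options):
        kind = options[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # NOP is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(options):
            break                # truncated option
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            break                # malformed length, stop parsing
        if kind == 2 and length == 4:
            mss = struct.unpack_from("!H", options, i + 2)[0]
        i += length
    return {
        "df": df,
        "mss": mss,
        # MTU implied by the MSS: add 20 bytes IP and 20 bytes TCP header
        "implied_mtu": None if mss is None else mss + 40,
        "below_default": mss is not None and mss < DEFAULT_MSS,
    }

def build_syn(mss: int, df: bool = True) -> bytes:
    """Constructed sample packet: SYN to port 21 with MSS, NOP, NOP, SACK-permitted."""
    opts = struct.pack("!BBH", 2, 4, mss) + b"\x01\x01\x04\x02"
    tcp = struct.pack("!HHIIBBHHH", 50000, 21, 1, 0,
                      ((20 + len(opts)) // 4) << 4, 0x02, 8192, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1,
                     0x4000 if df else 0, 64, 6, 0,
                     bytes([10, 8, 0, 2]), bytes([10, 8, 0, 1]))
    return ip + tcp  # checksums left at 0; the parser does not verify them

if __name__ == "__main__":
    print(parse_syn(build_syn(60)))
```

Running the same parser on SYNs captured at the client and at the far side of the tunnel shows whether the MSS value was rewritten in between.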