TCP retransmissions in Oracle Cloud

[crypt47]

Hello everyone, got two free virtual machines in OC to run a VPN service there. Strangely enough my usual configuration didn't work. I have two variants of configuration: OpenVPN and IPsec. Both have the same problem. Too many TCP retransmissions and speed about 5kbs for outgoing traffic that crosses VPN interfaces with different MTU. I even tested with nginx on the same servers. Direct connection inside the cloud with MTU 9000 works fine. Request from VPN network with smaller MTU1400 ends up with problem. Had used a TCP mss fix for IPsec as usual, but it didn't help this time. I reassemble packates on ipfw. The speed test shows that upload speeds are fine. Tested the same setup in Amazone cloud - works as expected. What else? Currently out of ideas. Something is missed.

 

[crypt47]

Found the problem. TCP checksum were incorrectly calculated with vtnet driver and offload. Fixed by adding


# /boot/loader.conf
hw.vtnet.csum_disable=1


Searching reveals that the problem is for a while in the wild. https://serverfault.com/questions/8...csum-disable-1-what-are-the-posible-side-effe

I wonder why it wasn't reported and fixed.

 

[crypt47]

it's probably a good idea to disable TSO (hw.vtnet.tso_disable) as it is said it's not compatible with kernel nat

 

[crypt47]

Seems like nobody cared to reported this bug for about a few years, so I did it too: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276760