Skip to main content

mppe_compress[0]: osize too small! (have: 1404 need: 1408)

Windows VPN and PPTP Connectivity Timeouts

In my pursuit for a personal cloud and convenient secure remote file system so as to be able to develop directly on the server I have researched, tested and decided against SFTP, WebDAV, and SAMBA/NFS over internet. The only approach still standing is the built in Windows VPN and PPTP + SAMBA/CIFS:


However there was one bug that prevented some sites/services from working and timing out; the /var/log/syslog showed the following intermittently:

Apr 19 10:15:15 sh1 pptpd[11330]: GRE: accepting packet #107
Apr 19 10:15:15 sh1 pptpd[11330]: GRE: accepting packet #108
Apr 19 10:15:15 sh1 pptpd[11330]: GRE: accepting packet #109
Apr 19 10:15:15 sh1 kernel: mppe_compress[0]: osize too small! (have: 1404 need: 1408)
Apr 19 10:15:15 sh1 kernel: ppp0: ppp: compressor dropped pkt
Apr 19 10:15:15 sh1 kernel: mppe_compress[0]: osize too small! (have: 1404 need: 1408)

This due to the way MPPE Microsoft point-to-point Encryption encodes data which results in the packet size being bigger then what was agreed in the VPN handshake - is my guess. There is a reported bug from 2005 which sadly hast not yet been addressed.

Fixing the issue by increasing the MTU

You can't fix this issue by modifying the MTU/MRU settings in '/etc/ppp/options' directly, you have to adjust the MTU after the PPP connection is up and this can be accomplished by adding a custom 'ip-up' script.

Below is my workaround script, place it into file '/etc/ppp/ip-up.d/mppefixmtu' and ensure that it is executable ('chmod +x mppefixmtu'):

#!/bin/sh
CURRENT_MTU="`ifconfig $1 | grep -Po '(?<=MTU:)([0-9]+)'`"
FIXED_MTU="`expr $CURRENT_MTU + 4`"
ifconfig $1 mtu $FIXED_MTU
echo "Increased MTU for $1 to $FIXED_MTU (from $CURRENT_MTU) to fix MPPE Microsoft Point-to-Point bug #330973"

Troubleshooting

You can review script errors by examining the file '/var/log/ppp-ipupdown.log', however if the file doesn't exist then you must create it to enable ip-up/ip-down script logging - don't forget to restart pppd.

As always if you found this useful feel free to follow me here or via twitter @danielsokolowski.

Comments

  1. stuffNovember 21, 2013 at 8:53 AM

    I am trying to use your script but I get syntax error,
    expr: syntax error
    mtu: error fetching interface information: Device not found
    Increased MTU for to (from 1500

    also I do not have /etc/ppp/ip-up.d/ directory in my installation. therefore where I should add your script so that it works. ?

    ReplyDelete
    Replies
    1. Daniel SokolowskiNovember 21, 2013 at 1:26 PM

      What distribution is that, the above is based on Debian.

      Delete
  2. stuffDecember 2, 2013 at 6:52 AM

    CentOS 6

    ReplyDelete
    Replies
    1. Héctor.December 10, 2013 at 10:29 PM

      I think maybe put this config in /etc/ppp/ip-up.local I have the same trouble

      Delete
    2. Héctor.December 11, 2013 at 11:35 AM

      Hi. Just put the above script in /etc/ip-up.local and works, just add a line to log to know it working. Regard.

      Delete
  3. Daniel SokolowskiDecember 2, 2013 at 10:27 AM

    I am sorry but the above is for Debian/Ubuntu - I am not familiar with CentOS.

    ReplyDelete
  4. UnknownMarch 11, 2014 at 12:09 PM

    Hi,
    I got the following mesage in my logs fiel:
    kernel: mppe_compress[0]: osize too small! (have: 1404 need: 1408)

    and tried to launch your script but it return follwing error:

    expr: syntax error
    mtu: error fetching interface information: Device not found
    Increased MTU for to (from 1500
    65536
    1396
    1408) to fix MPPE Microsoft Point-to-Point bug #330973

    here is mppefixmtu content
    cat mppefixmtu
    #!/bin/sh
    CURRENT_MTU="`ifconfig $1 | grep -Po '(?<=MTU:)([0-9]+)'`"
    FIXED_MTU="`expr $CURRENT_MTU + 4`"
    ifconfig $1 mtu $FIXED_MTU
    echo "Increased MTU for $1 to $FIXED_MTU (from $CURRENT_MTU) to fix MPPE Microsoft Point-to-Point bug #330973"
    root@ns309111:/etc/ppp/ip-up.d#

    What is wrong ?

    Regards
    Richard

    ReplyDelete
    Replies
    1. Daniel SokolowskiMarch 13, 2014 at 9:43 PM

      The script is not meant to be run manually, it is called when the session is established by the system as the interface is passed through the $1 argument; the script needs to be placed in `/etc/ppp/ip-up.d/mppefixmtu` on a Debian/Ubuntu machine. Try establishing a connection and then check your `/var/log/syslog` to see if the error persists.

      Delete
  5. UnknownMarch 17, 2014 at 3:35 AM

    OK thank you for your reply it seems to be ok

    Regards

    Richard

    ReplyDelete
  6. blanikAugust 17, 2014 at 1:42 PM

    Many thanks for this - first hit on a google search for the error message - and it works perfectly on Ububtu 12.04

    ReplyDelete
  7. stuffNovember 13, 2014 at 5:34 AM

    Hello Centos 6 users,

    I created file ip-up.local in my /etc/ppp/ directory and added
    #!/bin/sh
    CURRENT_MTU="`ifconfig $1 | grep -Po '(?<=MTU:)([0-9]+)'`"
    FIXED_MTU="`expr $CURRENT_MTU + 4`"
    ifconfig $1 mtu $FIXED_MTU
    echo "Increased MTU for $1 to $FIXED_MTU (from $CURRENT_MTU) to fix MPPE Microsoft Point-to-Point bug #330973"

    Made ip-up.local file executable, restarted the pptpd server, then re-eastablish the ppp connection, but i still get those compressor dropped pkt in my syslog.

    Where exactly you placed the script in centos 6 ? in my /etc/ppp directory i did not have ip-up.local file so I created myself.

    ReplyDelete

Post a Comment

Popular posts from this blog

Duplicate value found: duplicates value on record with id: <unknown>.

System.DmlException: Insert failed. First exception on row 0; first error: DUPLICATE_VALUE, duplicate value found: <unknown> duplicates value on record with id: <unknown>. The above error is triggered in the database layer and caused by a trigger or workflow outside of your main code of block that is bubbling this exception. This is rather difficult to track down especially if you are unfamiliar with the code, I am sharing my procedure in the hopes this saves you time - if you find this helpful drop me a line or follow me on twitter @danielsokolows . This error is caused by unique field constraint on the object, so the first step is to examine the object and locate the API names of all unique fieds. You can do this through SF direclty 'Setup < Customize &lt <object being inserted> &lt Fields' or by downloading the `src/objects` metadata information and searching for <unique> ; I preffer the latter and actually download ALL matadata i
3 comments
Read more

Softeher 'Error occurred. (Error code: 2)' sollution

Protocol error occurred. Error was returned from the destination server. The Softether server by default to run on port 443 , if you server also hosts normal https then 443 is already taken and so Softether can't bind to it. When you run `vpncmd` it attempts to connect, find an active port, but of course fails with 'Protocol error occurred. Error was returned from the destination server.' because it's not actually connecting to the vpn server. By default Softether also listens on 992 , 1194 , and 5555 so the sollution is to modify specify `localhost:5555` when executing the `vpncmnd`. If this has helped you feel free to comment or follow me on twitter @danielsokolows .
6 comments
Read more

How to child proof a fireplace

DIY - Do it yourself fireplace child guard Our wonderful 8.5 month old Sofia has become a crawling race car with an untamed thirst for exploration. And so with the cold nights approaching we needed to child proof the fireplace. This however proved to be more difficult than would reasonably expect, I've checked the local Toys "R" Us, Walmart, and even a Canadian Tire with no success for a ready to use product. Internet search was more fruitful and returned a few online stores one could order from, however in all honestly they didn't look too sturdy to me. So I build my own relatively quickly and inexpensively. Materials needed is a privacy plastic lattice - the smallest hole pattern - a few screws and anchors; tools needed are a drill, and a handsaw if you don't have the lattice cut at the store - that’s it. The construction consits of screwing the lattice into the wall and the final product is easiest explained through following pictures.
11 comments
Read more