From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gatekeeper1-relay.space.net (gatekeeper1-relay.space.net [IPv6:2001:608:3:85::38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 128CC3B2A4 for ; Tue, 21 Jan 2025 10:36:31 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=space.net; i=@space.net; q=dns/txt; s=esa; t=1737473792; x=1769009792; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=NCDbznj4wxc9faUMXmi/FYi4kM1IKsGWv0+wTx1ljQ0=; b=QVwb9FShrO6Mx6xEQZiQUZRE1mjRds5vaGWMQT2ds3BY29FcrWked7Y5 DQKkcuBZrezeHjtSTx3dozY9qbQFvhThj+1cBOmT8Ku5OSSz+KyfpWDqa DHnZMigL3uilhEdOVAWV4rMPS2svqs4D21E2ZC2lyUNfSICDJSiC1pJCx kWZGCQoV6J+NxqLQAbHgKeKrd3LqVcUTJv8sNdDPIZW47UcdMiAT5Wur8 8NdtIM64j2knr8vGmjZgagEBElqttEclBsE3O5HWq9JckakkVRwIBGK+9 9r7LOM23rjteZM8oSIklbW0E7YegF4VHgqbvhnEBVgmfc/FvgI/k4/m8D g==; X-CSE-ConnectionGUID: fqwHHJhnTmqPL0+XBlbIMw== X-CSE-MsgGUID: 0odCJgf9TIyMlrDDpBtAfQ== X-SpaceNet-SBRS: None Received: from mobil.space.net ([195.30.115.67]) by gatekeeper1-relay.space.net with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2025 16:36:31 +0100 Received: from mobil.space.net (localhost [IPv6:::1]) by mobil.space.net (Postfix) with ESMTP id 7B41F180D6D2 for ; Tue, 21 Jan 2025 16:36:30 +0100 (CET) X-SpaceNet-Relay: true Received: from moebius4.space.net (moebius4.space.net [IPv6:2001:608:2:2::251]) by mobil.space.net (Postfix) with ESMTP id 6BD62180DF8F; Tue, 21 Jan 2025 16:36:30 +0100 (CET) Received: by moebius4.space.net (Postfix, from userid 1007) id 654773F23A; Tue, 21 Jan 2025 16:36:30 +0100 (CET) Date: Tue, 21 Jan 2025 16:36:30 +0100 From: Gert Doering To: David Lang Cc: starlink@lists.bufferbloat.net Message-ID: References: <269839o2-003o-1756-8r28-3on7q7nsrn54@ynat.uz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <269839o2-003o-1756-8r28-3on7q7nsrn54@ynat.uz> Subject: Re: [Starlink] starlink and VPN X-BeenThere: starlink@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Starlink has bufferbloat. Bad." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Jan 2025 15:36:32 -0000 Hi, On Mon, Jan 20, 2025 at 11:25:04PM -0800, David Lang via Starlink wrote: > the logs on the client are reporting link local: (not bound) when trying > UDP, when I try TCP (and clamp the mtu low) I can connect from the starlink > side (st least sometimes) but cannot get the routing the other way to work If the VPN comes up (both sides declare TLS handshake success, you see the PUSH_REPLY messages on both sides), with TCP, it "should just work" - if not, it's not a starlink issue but something in the OpenVPN setup, or just a plain "ipv4_forward=1" missing on the server side... Feel free to unicast me your OpenVPN logs (verb 3) if needed. With UDP, "it should also work just fine", but MTU might interfere - and of course UDP rate limiting. Try "openvpn --max-packet-size 1000" or even lower, if it's really MTU related (tcpdump on both ends on the outside interface should show if packets are getting lost). Gert Doering -- openvpn upstream -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Ingo Lalla, Karin Schuler, Sebastian Cler Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279