From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <david@lang.hm>
Received: from mail.lang.hm (syn-045-059-245-186.biz.spectrum.com
 [45.59.245.186])
 (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by lists.bufferbloat.net (Postfix) with ESMTPS id 81A453B2A4
 for <starlink@lists.bufferbloat.net>; Tue, 21 Jan 2025 10:52:37 -0500 (EST)
Received: from [10.2.2.53] (unknown [10.2.2.53])
 by mail.lang.hm (Postfix) with ESMTP id A3AAE1F104B;
 Tue, 21 Jan 2025 07:52:36 -0800 (PST)
Date: Tue, 21 Jan 2025 07:52:36 -0800 (PST)
From: David Lang <david@lang.hm>
To: Gert Doering <gert@space.net>
cc: David Lang <david@lang.hm>, starlink@lists.bufferbloat.net
In-Reply-To: <Z4--_slOenLdVuJF@Space.Net>
Message-ID: <o3396q26-n0o5-s6rp-1rpo-52904r245878@ynat.uz>
References: <269839o2-003o-1756-8r28-3on7q7nsrn54@ynat.uz>
 <Z4--_slOenLdVuJF@Space.Net>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Subject: Re: [Starlink] starlink and VPN
X-BeenThere: starlink@lists.bufferbloat.net
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Starlink has bufferbloat. Bad." <starlink.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/starlink>,
 <mailto:starlink-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/starlink>
List-Post: <mailto:starlink@lists.bufferbloat.net>
List-Help: <mailto:starlink-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/starlink>,
 <mailto:starlink-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Tue, 21 Jan 2025 15:52:37 -0000

Gert Doering wrote:

> Hi,
>
> On Mon, Jan 20, 2025 at 11:25:04PM -0800, David Lang via Starlink wrote:
>> the logs on the client are reporting link local: (not bound) when trying
>> UDP, when I try TCP (and clamp the mtu low) I can connect from the starlink
>> side (st least sometimes) but cannot get the routing the other way to work
>
> If the VPN comes up (both sides declare TLS handshake success, you see
> the PUSH_REPLY messages on both sides), with TCP, it "should just work"
> - if not, it's not a starlink issue but something in the OpenVPN setup,
> or just a plain "ipv4_forward=1" missing on the server side...

I am expecting that it is something in my configs, but I think there is some 
interaction with Starlink as it did connect when I used my phone hotspot for my 
WAN (I didn't try connecting back)

> Feel free to unicast me your OpenVPN logs (verb 3) if needed.

I will probably take you up on that. I'm going to do a little more testing 
first.

> With UDP, "it should also work just fine", but MTU might interfere - and
> of course UDP rate limiting.  Try "openvpn --max-packet-size 1000" or
> even lower, if it's really MTU related (tcpdump on both ends on the outside
> interface should show if packets are getting lost).

that's more or less where I ended up that finally got it working in one 
direction. I was hoping that someone could say what MTU I needed to set it to 
rather than having to manually test. :-)

It may be that I missed a step in the client router and the tun interface is not 
in the correct firewalling to allow connections back

David Lang

> Gert Doering
>        -- openvpn upstream
>