
VPN Freezes Linux Mint File Browser With Mapped NFS Shares Mounted

Steven Wormuth

FreeNAS Experienced
Joined
May 2, 2017
Messages
119
I know... That subject is a mouthful... So here's the deal, and I'm wondering if anyone wants to help me sort this out?

This has been persistent across multiple versions of FreeNAS and Linux Mint, and I don't know where the bug exists. I have multiple laptops and desktops running multiple versions of Mint, and I have them all map NFS shares hosted on FreeNAS at boot using FSTAB. If I connect to a VPN service in any way, the Linux Mint file browser (Nemo) and the desktop become unresponsive. I can't open a file on the desktop, or open a folder. It will freeze the machine requiring a hard reboot.

If I comment out the FreeNAS mappings in FSTAB and reboot, I can use a VPN just fine, and browse folders and interact with the desktop. I have tried multiple VPN service providers and different VPN apps. I set up a VPN network in pfSense to route all traffic without any client on the local machine at all, and it still locks up. But it only locks up if I have a share mapped to FreeNAS.

Obviously, this makes a VPN useless. I simply can't use it either with an app or through a router with VPN running.

So where to begin?

Help a brother out please!!
 

Elliot Dierksen

FreeNAS Guru
Joined
Dec 29, 2014
Messages
781
I wonder if you have some MTU/Do not fragment issues. With the VPN up, you are tunneling IP inside of IP. That means you likely lose 40 bytes or more of payload. That can cause packets to get fragmented, and Windows is notorious for capriciously marking things as 'do not fragment' for no particularly good reason. Higher end routers can clear the 'do not fragment' bit in the IP headers. You could also try changing the system MTU to something smaller like 1400 bytes.
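One way to check the MTU theory from the Mint client, as an added example that is not part of the original post: a bash script that binary-searches the largest IPv4 packet reaching the NAS with the 'do not fragment' bit set, using Linux iputils `ping -M do`. The `PMTU_TARGET` variable, the 576-byte floor and the 1500-byte default ceiling are assumptions of this sketch.

```bash
#!/usr/bin/env bash
# Added example: measure the path MTU to a host with DF set.
# Run once with the VPN down and once with it up, then compare the results.

IP_ICMP_OVERHEAD=28   # 20-byte IPv4 header + 8-byte ICMP header

# probe SIZE HOST: succeed if an ICMP echo carrying SIZE payload bytes with
# the DF bit set gets a reply (-M do forbids fragmentation along the path).
probe() {
    ping -M do -c 1 -W 1 -s "$1" "$2" >/dev/null 2>&1
}

# find_pmtu HOST [MAX_MTU]: print the largest packet size (bytes) that passes
# unfragmented, or return 1 if even a 576-byte packet gets no reply.
find_pmtu() {
    local host="$1" max_mtu="${2:-1500}"
    local lo=$((576 - IP_ICMP_OVERHEAD))   # 576: size every IPv4 host must accept
    local hi=$((max_mtu - IP_ICMP_OVERHEAD))
    local mid
    probe "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then
            lo=$mid                # fits: search larger sizes
        else
            hi=$((mid - 1))        # dropped: search smaller sizes
        fi
    done
    echo $((lo + IP_ICMP_OVERHEAD))
}

# Usage: PMTU_TARGET=<address of the NAS> ./pmtu.sh
if [ -n "${PMTU_TARGET:-}" ]; then
    if pmtu=$(find_pmtu "$PMTU_TARGET"); then
        echo "path MTU to $PMTU_TARGET: $pmtu bytes"
    else
        echo "no reply from $PMTU_TARGET even at 576 bytes" >&2
    fi
fi
```

If the value reported with the VPN up is lower than the MTU configured on the client interface, full-size packets with DF set will not get through, which is the condition the post describes.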
 

Steven Wormuth

FreeNAS Experienced
Joined
May 2, 2017
Messages
119
> I wonder if you have some MTU/Do not fragment issues. With the VPN up, you are tunneling IP inside of IP. That means you likely lose 40 bytes or more of payload. That can cause packets to get fragmented, and Windows is notorious for capriciously marking things as 'do not fragment' for no particularly good reason. Higher end routers can clear the 'do not fragment' bit in the IP headers. You could also try changing the system MTU to something smaller like 1400 bytes.

Okay, I'll tinker with the MTU setting in Linux Mint and see if that helps any... Probably tomorrow at this point. I'll post back with how it goes.
 

melloa

FreeNAS Expert
Joined
May 22, 2016
Messages
1,711
> This has been persistent across multiple versions of FreeNAS and Linux Mint,

SMB and NFS have been very stable on my FreeNAS and FreeBSD servers for about three years. Although I do use Mint on my laptop and desktop with permanent maps to my servers and IPSec always on between my family network, using pfSense, I don't VPN out.

Can you try to set up a test server with another OS and test? I doubt it is a FreeNAS issue.
 

Steven Wormuth

FreeNAS Experienced
Joined
May 2, 2017
Messages
119
> SMB and NFS have been very stable on my FreeNAS and FreeBSD servers for about three years. Although I do use Mint on my laptop and desktop with permanent maps to my servers and IPSec always on between my family network, using pfSense, I don't VPN out.
>
> Can you try to set up a test server with another OS and test? I doubt it is a FreeNAS issue.

This weekend I will set up another PC and see what it does. I'll post back.
 

Steven Wormuth

FreeNAS Experienced
Joined
May 2, 2017
Messages
119
> I wonder if you have some MTU/Do not fragment issues. With the VPN up, you are tunneling IP inside of IP. That means you likely lose 40 bytes or more of payload. That can cause packets to get fragmented, and Windows is notorious for capriciously marking things as 'do not fragment' for no particularly good reason. Higher end routers can clear the 'do not fragment' bit in the IP headers. You could also try changing the system MTU to something smaller like 1400 bytes.

I looked at my pfSense configuration, and already had that option set. See the screenshot.

NoFragment.png
 