Bug 693235 - SIOCSIFMTU: Invalid argument
Summary: SIOCSIFMTU: Invalid argument
Alias: None
Product: Fedora
Classification: Fedora
Component: vpnc
Version: 15
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Christian Krause
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2011-04-03 19:58 UTC by Daniel Mach
Modified: 2011-11-18 15:16 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-11-18 15:16:09 UTC

Attachments (Terms of Use)
A description what fails (543 bytes, text/plain)
2011-05-27 04:58 UTC, Jens Hektor
no flags Details
Proposed fix. (530 bytes, patch)
2011-07-28 02:07 UTC, Fred Wittekind IV
no flags Details | Diff

Description Daniel Mach 2011-04-03 19:58:18 UTC
When I start vpnc, I get:
'SIOCSIFMTU: Invalid argument' error message

vpnc works as expected after that

selinux is in permissive
vpnc version is vpnc-0.5.3-9.fc15.i686

Here's a relevant part of strace output:
ioctl(4, SIOCSIFADDR, {ifr_name="tun0", ifr_addr={AF_INET, inet_addr("...")}}) = 0
ioctl(4, SIOCGIFFLAGS, {ifr_name="tun0", ifr_flags=IFF_POINTOPOINT|IFF_NOARP|IFF_MULTICAST}) = 0
ioctl(4, SIOCSIFDSTADDR, {ifr_name="tun0", ifr_dstaddr={AF_INET, inet_addr("...")}}) = 0
ioctl(4, SIOCSIFNETMASK, {ifr_name="tun0", ifr_netmask={AF_INET, inet_addr("...")}}) = 0
ioctl(4, SIOCGIFADDR, {ifr_name="tun0", ifr_addr={AF_INET, inet_addr("...")}}) = 0
ioctl(4, SIOCSIFBRDADDR, {ifr_name="tun0", ifr_broadaddr={AF_INET, inet_addr("...")}}) = 0
ioctl(4, SIOCSIFMTU, {ifr_name="tun0", ???}) = -1 EINVAL (Invalid argument)

Comment 1 Henrique Martins 2011-05-26 05:16:54 UTC
Get the same error.  Bug seems to be in vpnc-script an rpm that provides /etc/vpnc/vpnc-script but it is not in the list of components here on bugzilla, when the script invokes do_ifconfig

do_ifconfig() {
	if [ -n "$INTERNAL_IP4_MTU" ]; then
	elif [ -n "$IPROUTE" ]; then
		MTU=$(($($IPROUTE route get "$VPNGATEWAY" | sed -ne 's/^.*mtu \([[:digit:]]\+\).*$/\1/p') - 88))
# Point to point interface require a netmask of on some systems
	ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" $ifconfig_syntax_ptp "$INTERNAL_IP4_ADDRESS" netmask mtu ${MTU} up

In my case INTERNAL_IP4_MTU is not set, IPROUTE is /sbin/ip and it's output does not contain an mtu value, thus MTU is set to -88 and the suceeding ifconfig fails.

I'm working around it by setting INTERNAL_IP4_MTU to 1500.  I don't see a flag in man ip that will make the get command return the mtu.

Comment 2 Henrique Martins 2011-05-26 05:32:27 UTC
Here are the rpms from a fresh f14->f15 yum upgrade:
though as I said in #1, the problem seems to be in vpnc-script.

Comment 3 Jens Hektor 2011-05-27 04:58:38 UTC
Created attachment 501246 [details]
A description what fails

Comment 4 Fred Wittekind IV 2011-07-26 16:02:58 UTC
I get the same error message (SIOCSIFMTU), also Fedora 15

[rom@nova ~]$ rpm -q vpnc-script vpnc
[rom@nova ~]$ rpm -qV vpnc-script vpnc
?........  c /etc/vpnc/default.conf

Mine on the other hand does not work as expected after the error.  It behaves like it has a misconfigured MTU (which it likely does).

If I ssh to a remote server over the VPN, and issue a command with short output, everything works as it should, if I issue a command with long output the ssh session closes.

I assume the reason for this, is the MTU setting on the VPN tunnel ends up being 1500 when the MTU on the physical device (eth0) is also 1500, add in the the overhead of the VPN session (I assume that is the purpose of the "- 88" in the expression in the script), and the packet doesn't get though.

Comment 5 Henrique Martins 2011-07-26 16:24:26 UTC
Add this line at the top of the script
which will then be reduced by 88 later on, and you should be fine.

Comment 6 Fred Wittekind IV 2011-07-26 21:50:22 UTC
Actually, it takes INTERNAL_IP4_MTU literal if it's set (not reduced by 88), setting to 1500 removed the error message, but did not fix the issue of ssh sessions closing when I issue commands with long output.

Setting INTERNAL_IP4_MTU to 1412 does fix both issues.

Work-arounds are nice (and very much appreciated), but, updated packages are better.

Now that the issue is more than just the error message, does that change the priority of addressing this?

I poked around a bit with the ip route get command, and I can see on older Fedora boxes it does return MTU, on Fedora 15 it doesn't.

I'll try more later to find a real fix, if I can find one, I'll post it.

Comment 7 Henrique Martins 2011-07-26 22:00:57 UTC
You're right!  Either the MTU on my device is larger than 1500 or I haven't experienced the bug.  Not sure what you call long output but I usually open a vpn connection to work then lots of rdesktop windows that I assume have large data transfers and never had the line drop on me.  On the xterm where I did the vpn-connect I usually open a gnuclient connection to my xemacs running on another F15 machine at work and that one never drops either.

Comment 8 Fred Wittekind IV 2011-07-27 01:43:31 UTC
I'm wondering if support of MTU's larger than 1500 on the remote end of the VPN may also be a factor.  I would not be surprised if jumbo frames where turned on somewhere on the network at my work (intentionally).

Long output would be greater than 1412 characters in this case.  Pretty easy to do.

Comment 9 Fred Wittekind IV 2011-07-28 02:07:35 UTC
Created attachment 515615 [details]
Proposed fix.

Reworked expression in script to extract the MTU from the newer version of iproute-2

Comment 10 Fedora Admin XMLRPC Client 2011-08-31 00:43:31 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 11 Christian Krause 2011-09-11 15:22:53 UTC
I have fixed the issue in RAWHIDE. The update will be available in F16 and F15 shortly.

Comment 12 Fedora Update System 2011-09-11 16:32:51 UTC
vpnc-0.5.3-13.svn457.fc16 has been submitted as an update for Fedora 16.

Comment 13 Fedora Update System 2011-09-11 16:35:14 UTC
vpnc-0.5.3-13.svn457.fc15 has been submitted as an update for Fedora 15.

Comment 14 Fedora Update System 2011-09-25 23:18:28 UTC
vpnc-0.5.3-13.svn457.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2011-09-30 19:07:04 UTC
vpnc-0.5.3-13.svn457.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.