Speculatively fix L2TP keepalive issues by reducing mtu

This change reduces MTU/MRU values for racoon/pppd from 1400 to 1388 in an attempt to fix keepalive issues experienced in the field. Bug: 119076193 Test: Speculative change, original issues were not reproducible. Change-Id: I7731503260fdc8bcbc6c5fcda6991ead6fb7c52e
author: Benedict Wong <benedictwong@google.com> 2020-08-14 10:26:38 -0700
committer: Benedict Wong <benedictwong@google.com> 2020-09-28 20:55:55 -0700
commit: 5113da7e85c2914b0384c6f357ded31dab93d943 (patch)
tree: f96bd3b4cbcbc5ba01a6dc305378efc934d55bf8
parent: bad5c4ec49a6dfc6c0c73dedba6cd5c0a9b27f9b (diff)
2 files changed, 8 insertions, 4 deletions
diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java
index b5d0dc354443..c23f568caa84 100644
--- a/services/core/java/com/android/server/connectivity/Vpn.java
+++ b/services/core/java/com/android/server/connectivity/Vpn.java
@@ -2143,7 +2143,11 @@ public class Vpn {
                 break;
         }
 
-        // Prepare arguments for mtpd.
+        // Prepare arguments for mtpd. MTU/MRU calculated conservatively. Only IPv4 supported
+        // because LegacyVpn.
+        // 1500 - 60 (Carrier-internal IPv6 + UDP + GTP) - 10 (PPP) - 16 (L2TP) - 8 (UDP)
+        //   - 77 (IPsec w/ SHA-2 512, 256b trunc-len, AES-CBC) - 8 (UDP encap) - 20 (IPv4)
+        //   - 28 (464xlat)
         String[] mtpd = null;
         switch (profile.type) {
             case VpnProfile.TYPE_PPTP:
@@ -2151,7 +2155,7 @@ public class Vpn {
                     iface, "pptp", profile.server, "1723",
                     "name", profile.username, "password", profile.password,
                     "linkname", "vpn", "refuse-eap", "nodefaultroute",
-                    "usepeerdns", "idle", "1800", "mtu", "1400", "mru", "1400",
+                    "usepeerdns", "idle", "1800", "mtu", "1270", "mru", "1270",
                     (profile.mppe ? "+mppe" : "nomppe"),
                 };
                 break;
@@ -2161,7 +2165,7 @@ public class Vpn {
                     iface, "l2tp", profile.server, "1701", profile.l2tpSecret,
                     "name", profile.username, "password", profile.password,
                     "linkname", "vpn", "refuse-eap", "nodefaultroute",
-                    "usepeerdns", "idle", "1800", "mtu", "1400", "mru", "1400",
+                    "usepeerdns", "idle", "1800", "mtu", "1270", "mru", "1270",
                 };
                 break;
         }
diff --git a/tests/net/java/com/android/server/connectivity/VpnTest.java b/tests/net/java/com/android/server/connectivity/VpnTest.java
index de1c5759ee87..565f11c8b5b4 100644
--- a/tests/net/java/com/android/server/connectivity/VpnTest.java
+++ b/tests/net/java/com/android/server/connectivity/VpnTest.java
@@ -1090,7 +1090,7 @@ public class VpnTest {
                     new String[] { EGRESS_IFACE, "l2tp", expectedAddr, "1701", profile.l2tpSecret,
                             "name", profile.username, "password", profile.password,
                             "linkname", "vpn", "refuse-eap", "nodefaultroute", "usepeerdns",
-                            "idle", "1800", "mtu", "1400", "mru", "1400" },
+                            "idle", "1800", "mtu", "1270", "mru", "1270" },
                     deps.mtpdArgs.get(10, TimeUnit.SECONDS));
             // Now wait for the runner to be ready before testing for the route.
             legacyRunnerReady.block(10_000);
author	Benedict Wong <benedictwong@google.com>	2020-08-14 10:26:38 -0700
committer	Benedict Wong <benedictwong@google.com>	2020-09-28 20:55:55 -0700
commit	5113da7e85c2914b0384c6f357ded31dab93d943 (patch)
tree	f96bd3b4cbcbc5ba01a6dc305378efc934d55bf8
parent	bad5c4ec49a6dfc6c0c73dedba6cd5c0a9b27f9b (diff)