Problem with current 4.4 kernels
I have installed 4.4 rom latest, also using kernels suitable. My problem is that when I use VPN apps like OpenVPN connect, the connection speed gets very slow. I checked the logcat and find errors like:
exec() res=0, status=256 for /system/bin/iptables -t mangle -D st_mangle_POSTROUTING -p tcp -o tun0 --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
12-26 16:04:17.561: I/ip6tables(131): ip6tables: No chain/target/match by that name.
12-26 16:04:17.568: I/ip6tables(131): ip6tables terminated by exit(1)
I have searched this problem and found something useful (prevent spam):
SecondaryTableController: force the MSS to match pmtu on TCP SYN
Without this change, the VPN sets up a tun/ppp that needs a small
MTU, and during TCP SYN the MSS will end up matching the outgoing iface
MTU which is potentially too big.
This leads to connection flakiness. The wrong MSS is visible by
tcpdump-ing on the tun/ppp device.
With this change, the MSS now is correct.
It requires the kernel to be configured with
If kernel is not configured, it silently fails.
So I did look for a 4.4 kernel with this config enabled, I have checked config source of all current 4.4 kernels including franko,Mpokang,ASKP,Fancy, etc, but sadly I did not find one. I guess the reason is it's not included is because the code change happened not a long time ago, and for the same time the Galaxy Nexus kernel stood unupdated.
If kernel developers see this thread, thanks for all of your hard work and I wish you can check if the config is the reason of my problem. It will be better if I can post this thread in the development section, but it seems it's forbidden.