|
|
Andrew Clarke <spam@xxxxxxxxx> said: > I don't understand what you mean about explicitly binding samba to an > interface or address that the client can see. > > It seems, though, that I am experiencing a problem with any non-trivial > data transfer. The classic symptoms of an MTU problem! > For instance, I can ssh in, but if I try to do an ls -la > on a directory, it locks up that ssh session. I can still open another > ssh session though, so the tunnel itself is still up. > > I know this issue has been discussed before on this list. As was > recommended, I added: > > tun-mtu 1500 > tun-mtu-extra 32 > mssfix This is not right. Try: tun-mtu 1500 tun-mtu-extra 32 mssfix 1300 or tun-mtu 1500 tun-mtu-extra 32 fragment 1300 mssfix The first example fixes MTU problems with TCP only and has a negligable performance penalty. In most cases, this is the best option. The second example performs internal fragmentation on non-TCP protocols, but adds 4 additional bytes of overhead to every packet. This is your second choice if mssfix by itself doesn't solve the problem. As a diagnostic option, you can also use --test-mtu to have OpenVPN empirically measure the MTU, so you can pick a more optimal value than 1300. James ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |