[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Re: can't get linux-windows working (newbie)


  • Subject: Re: [Openvpn-users] Re: can't get linux-windows working (newbie)
  • From: "James Yonan" <jim@xxxxxxxxx>
  • Date: Thu, 9 Oct 2003 08:14:53 -0000

Andrew Clarke <spam@xxxxxxxxx> said:

> I don't understand what you mean about explicitly binding samba to an 
> interface or address that the client can see.
> 
> It seems, though, that I am experiencing a problem with any non-trivial 
> data transfer.

The classic symptoms of an MTU problem!

> For instance, I can ssh in, but if I try to do an ls -la 
> on a directory, it locks up that ssh session.  I can still open another 
> ssh session though, so the tunnel itself is still up.
> 
> I know this issue has been discussed before on this list.  As was 
> recommended, I added:
> 
> tun-mtu 1500
> tun-mtu-extra 32
> mssfix

This is not right.  Try:

  tun-mtu 1500
  tun-mtu-extra 32
  mssfix 1300

or

  tun-mtu 1500
  tun-mtu-extra 32
  fragment 1300
  mssfix

The first example fixes MTU problems with TCP only and has a negligable
performance penalty.  In most cases, this is the best option.

The second example performs internal fragmentation on non-TCP protocols, but
adds 4 additional bytes of overhead to every packet.  This is your second
choice if mssfix by itself doesn't solve the problem.

As a diagnostic option, you can also use --test-mtu to have OpenVPN
empirically measure the MTU, so you can pick a more optimal value than 1300.

James


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users