Andrew Clarke <spam@xxxxxxxxx> said:
> I don't understand what you mean about explicitly binding samba to an
> interface or address that the client can see.
> It seems, though, that I am experiencing a problem with any non-trivial
> data transfer.

The classic symptoms of an MTU problem!

> For instance, I can ssh in, but if I try to do an ls -la
> on a directory, it locks up that ssh session. I can still open another
> ssh session though, so the tunnel itself is still up.
> I know this issue has been discussed before on this list. As was
> recommended, I added:
>
> tun-mtu 1500
> tun-mtu-extra 32
> mssfix

This is not right. Try:

tun-mtu 1500
tun-mtu-extra 32
mssfix 1300

or

tun-mtu 1500
tun-mtu-extra 32
fragment 1300
mssfix

The first example fixes MTU problems with TCP only and has a negligible
performance penalty. In most cases, this is the best option.

The second example performs internal fragmentation on non-TCP protocols, but
adds 4 additional bytes of overhead to every packet. This is your second
choice if mssfix by itself doesn't solve the problem.

As a diagnostic option, you can also use --test-mtu to have OpenVPN
empirically measure the MTU, so you can pick a more optimal value than 1300.

James
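
A way to measure the path between the two endpoints directly, as an added example that is not part of the original message and not OpenVPN code: it binary-searches the largest ping payload that gets through with Don't Fragment set. It assumes Linux iputils ping (-M do), an IPv4 path and a peer that answers ICMP echo; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that crosses the path to the
# VPN peer without fragmentation (assumes Linux iputils ping and IPv4).

# probe SIZE HOST: succeeds if an echo request carrying SIZE payload bytes,
# sent with Don't Fragment set (-M do), gets at least one reply.
probe() {
    ping -M do -c 2 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# find_max_payload HOST [LOW] [HIGH] [PROBE_CMD]
# Prints the largest payload in [LOW, HIGH] for which PROBE_CMD succeeds.
# Returns 1 without output if even LOW fails (host down or ICMP filtered).
# 1472 is the payload that exactly fills a 1500-byte Ethernet MTU.
find_max_payload() {
    host=$1; lo=${2:-500}; hi=${3:-1472}; cmd=${4:-probe}
    "$cmd" "$lo" "$host" || return 1
    # Invariant: a probe of size $lo passes; the answer lies in [lo, hi].
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$cmd" "$mid" "$host"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# path_mtu PAYLOAD: add the IPv4 header (20 bytes, no options) and the
# ICMP echo header (8 bytes) back on to get the path MTU.
path_mtu() {
    echo $(( $1 + 28 ))
}

# Run against a host only when one is given on the command line.
if [ -n "${1:-}" ]; then
    if payload=$(find_max_payload "$1"); then
        echo "largest unfragmented payload: $payload bytes"
        echo "path MTU: $(path_mtu "$payload") bytes"
    else
        echo "no reply from $1 even at the smallest size" >&2
        exit 1
    fi
fi
```

Run it against the peer's public address, outside the tunnel. Over IPv4 a UDP header plus IP header costs the same 28 bytes as the ICMP echo header plus IP header, so the payload figure is also the largest UDP payload that crosses the path unfragmented.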