[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Re: can't get linux-windows working (newbie)


  • Subject: Re: [Openvpn-users] Re: can't get linux-windows working (newbie)
  • From: Andrew Clarke <spam@xxxxxxxxx>
  • Date: Fri, 10 Oct 2003 06:11:01 -0700

James Yonan wrote:

Andrew Clarke <spam@xxxxxxxxx> said:



I don't understand what you mean about explicitly binding samba to an interface or address that the client can see.

It seems, though, that I am experiencing a problem with any non-trivial data transfer.



The classic symptoms of an MTU problem!



For instance, I can ssh in, but if I try to do an ls -la on a directory, it locks up that ssh session. I can still open another ssh session though, so the tunnel itself is still up.

I know this issue has been discussed before on this list. As was recommended, I added:

tun-mtu 1500
tun-mtu-extra 32
mssfix



This is not right. Try:

 tun-mtu 1500
 tun-mtu-extra 32
 mssfix 1300

or

 tun-mtu 1500
 tun-mtu-extra 32
 fragment 1300
 mssfix

The first example fixes MTU problems with TCP only and has a negligable
performance penalty.  In most cases, this is the best option.

The second example performs internal fragmentation on non-TCP protocols, but
adds 4 additional bytes of overhead to every packet.  This is your second
choice if mssfix by itself doesn't solve the problem.

As a diagnostic option, you can also use --test-mtu to have OpenVPN
empirically measure the MTU, so you can pick a more optimal value than 1300.

James



Thank you very much!  This really seems to have done the trick.

- Andrew.



____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users