
Re: [Openvpn-users] MTU, link-mtu and tun-mtu


  • Subject: Re: [Openvpn-users] MTU, link-mtu and tun-mtu
  • From: Jamie Lokier <jamie@xxxxxxxxxxxxx>
  • Date: Tue, 25 Oct 2005 21:09:38 +0100

James Yonan wrote:
> I'd have to say that one of the "breakthroughs" in improving OpenVPN's MTU
> handling from 1.x to 2.0 was in acknowledging that IP fragmentation and
> PMTU discovery are basically broken on the modern internet, and that the
> most-likely-to-work solution is to either (a) avoid fragmentation in the
> first place (--mssfix), or (b) fragment internally, so that UDP packets
> sent between OpenVPN are never subject to IP fragmentation (--fragment).

How do you prevent the UDP packets sent between OpenVPN from being
fragmented, if you do not know the path MTU between the OpenVPN nodes?
More realistically, what if the path MTU is dynamic because it can be
over whatever strange network the road warrior is plugged into from
time to time?

That's the biggest problem I've had with OpenVPN's MTU handling.
Usually the network I'm using is fine with 1500 byte packets, but
occasionally I've been on networks where those don't work, and my
tunnel stops being reliable.

Unfortunately, the only solution I found was to manually lower the
client end's tun0 MTU to 308, which is of course far from optimal most
of the time, but necessary for it to be reliable some of the time.

FWIW, I'm using an OpenVPN 2.x client connecting to an OpenVPN 1.x server.

-- Jamie
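
Added example, not part of the original message and not OpenVPN's code: the --mssfix approach named in the quoted text relies on MSS clamping, that is, lowering the MSS option in TCP SYN segments that cross the tunnel so the endpoints never send segments that need fragmenting. The sketch below shows that general technique with an incremental checksum fix-up; the names `clamp_syn_mss`, `csum16` and `SAMPLE_SYN` are chosen here, and the limit is supplied by the caller because clamping does not discover the path MTU.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: TCP SYN header, ports 49152 -> 80, MSS 1460, checksum unset. */
const uint8_t SAMPLE_SYN[24] = {
    0xc0,0x00, 0x00,0x50, 0,0,0,0, 0,0,0,0, 0x60,0x02, 0xff,0xff,
    0,0, 0,0, 0x02,0x04,0x05,0xb4 };

/* RFC 1071 checksum over the segment only (pseudo-header omitted in this demo). */
uint16_t csum16(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += (uint32_t)(p[i] << 8 | p[i + 1]);
    if (len & 1) sum += (uint32_t)p[len - 1] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* RFC 1624 incremental update: one 16-bit word changes from old_w to new_w. */
static uint16_t csum_update(uint16_t csum, uint16_t old_w, uint16_t new_w)
{
    uint32_t sum = (uint32_t)(uint16_t)~csum + (uint16_t)~old_w + new_w;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
static uint16_t swap16(uint16_t v) { return (uint16_t)(v << 8 | v >> 8); }

/* Lower a SYN's MSS option to max_mss. Returns the MSS in effect afterwards,
 * or 0 if tcp is not a well-formed SYN with an MSS option (left untouched). */
uint16_t clamp_syn_mss(uint8_t *tcp, size_t len, uint16_t max_mss)
{
    size_t hlen = len < 20 ? 0 : (size_t)(tcp[12] >> 4) * 4;  /* header bytes */
    if (hlen < 20 || hlen > len || !(tcp[13] & 0x02)) return 0; /* SYN only */
    for (size_t i = 20; i < hlen; ) {
        if (tcp[i] == 0) break;                       /* end of option list */
        if (tcp[i] == 1) { i++; continue; }           /* NOP padding */
        if (i + 1 >= hlen || tcp[i + 1] < 2 || i + tcp[i + 1] > hlen) break;
        if (tcp[i] != 2 || tcp[i + 1] != 4) { i += tcp[i + 1]; continue; }
        uint16_t mss = (uint16_t)(tcp[i + 2] << 8 | tcp[i + 3]);
        if (mss <= max_mss) return mss;               /* already small enough */
        uint16_t old_w = mss, new_w = max_mss;
        if (i & 1) { old_w = swap16(mss); new_w = swap16(max_mss); } /* odd offset */
        uint16_t c = csum_update((uint16_t)(tcp[16] << 8 | tcp[17]), old_w, new_w);
        tcp[i + 2] = (uint8_t)(max_mss >> 8); tcp[i + 3] = (uint8_t)max_mss;
        tcp[16] = (uint8_t)(c >> 8);          tcp[17] = (uint8_t)c;
        return max_mss;
    }
    return 0;
}
```

The incremental update leaves the checksum valid without needing the IP addresses of the pseudo-header, which is why a device in the middle of the path can apply it.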