  Subject: [Openvpn-users] Re: can't get linux-windows working (newbie)
  From: Luc Van der Veken <lucvdv@xxxxxxxx>
  Date: Thu, 09 Oct 2003 10:37:03 +0200

On Wed, 08 Oct 2003 13:13:55 -0700, Andrew Clarke <spam@xxxxxxxxx>

> I don't understand what you mean about explicitly binding samba to an 
> interface or address that the client can see.
> It seems, though, that I am experiencing a problem with any non-trivial 
> data transfer.  For instance, I can ssh in, but if I try to do an ls -la 
> on a directory, it locks up that ssh session.  I can still open another 
> ssh session though, so the tunnel itself is still up.
> I know this issue has been discussed before on this list.  As was 
> recommended, I added:
> tun-mtu 1500
> tun-mtu-extra 32
> mssfix

You probably need a lower MTU.  Setting up a connection works because
the pakets aren't that large, once more data start being exchanged
they may grow, and if there's a blackhole router somewhere along the
way it will just drop them.

For two different clients of the same cable ISP, both connecting to
the same DSL client, I had to lower the MTU for one while it wasn't
necessary for the other.  The one with the problem was using a DOCSIS
modem, the other an older CLDP, but I don't know if that's what caused

If you disable compression, you can try to determine the optimal value
by pinging with different packet sizes with the "don't fragment" flag

Try 1472 bytes as size first: if that works you don't need to lower
the MTU (1472 becomes 1500 bytes after the packet header is added).

On windows you can use a command line like
  ping -f -l <packetsize> <address>

On BSD/OsX/*n*x you better do 'man ping' first, it looks like
different versions are going around with different switch letters
(sometimes no fragmenting is -D, sometimes it's '-M do').

