[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Re: can't get linux-windows working (newbie)

  • Subject: Re: [Openvpn-users] Re: can't get linux-windows working (newbie)
  • From: Andrew Clarke <spam@xxxxxxxxx>
  • Date: Fri, 10 Oct 2003 06:11:01 -0700

James Yonan wrote:

Andrew Clarke <spam@xxxxxxxxx> said:

I don't understand what you mean about explicitly binding samba to an interface or address that the client can see.

It seems, though, that I am experiencing a problem with any non-trivial data transfer.

The classic symptoms of an MTU problem!

For instance, I can ssh in, but if I try to do an ls -la on a directory, it locks up that ssh session. I can still open another ssh session though, so the tunnel itself is still up.

I know this issue has been discussed before on this list. As was recommended, I added:

tun-mtu 1500
tun-mtu-extra 32

This is not right. Try:

 tun-mtu 1500
 tun-mtu-extra 32
 mssfix 1300


 tun-mtu 1500
 tun-mtu-extra 32
 fragment 1300

The first example fixes MTU problems with TCP only and has a negligable
performance penalty.  In most cases, this is the best option.

The second example performs internal fragmentation on non-TCP protocols, but
adds 4 additional bytes of overhead to every packet.  This is your second
choice if mssfix by itself doesn't solve the problem.

As a diagnostic option, you can also use --test-mtu to have OpenVPN
empirically measure the MTU, so you can pick a more optimal value than 1300.


Thank you very much!  This really seems to have done the trick.

- Andrew.

Openvpn-users mailing list