[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] An optimal "tun-mtu" value?



Hi!
 
ping uses very small packets, so that problem is not related to MTU.
As for TLS errors, they could be anything. Supply more details.
 
In general : Don't fix it if it ain't broken ;-)
 
Regards,
David
 


From: greek ordono [mailto:grexk@xxxxxxxxx]
Sent: Fri 27-Jul-07 11:12
To: David Balazic; openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] An optimal "tun-mtu" value?

Hi,

I'm connecting successfully but sometimes I can't ping the server or TLS errors with pocketpc and I'm satisfied with gprs as modem. Any help in improving my config is appreciated. The following is my current config:

SERVER:
local 192.168.2.246
port 443
proto tcp
dev tun

server 192.168.246.0 255.255.255.0
push "dhcp-option DNS 192.168.2.243"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DOMAIN moldex.group"
push "route 192.168.2.0 255.255.255.0"
push "redirect-gateway"
client-to-client
ifconfig-pool-persist ipp.txt 10
keepalive 10 120
# play with 600-1400
tun-mtu 600
# don't change me
mssfix 1200ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key  # This file should be kept secret
dh /etc/openvpn/keys/dh1024.pem
# another burden to connection
#tls-auth /etc/openvpn/keys/tls-auth.key 0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key  # This file should be kept secret
dh /etc/openvpn/keys/dh1024.pem
#tls-auth /etc/openvpn/keys/tls-auth.key 0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key  # This file should be kept secret
dh /etc/openvpn/keys/dh1024.pem
#tls-auth /etc/openvpn/keys/tls-auth.key 0


CLIENT:
client
dev tun
proto tcp
remote public_ip 443
resolv-retry infinite
float
nobind
keepalive 10 120
tun-mtu 600
mssfix 1200
;user nobody
;group nogroup
persist-key
persist-tun
mute-replay-warnings
ca /etc/openvpn/keys/ca-trustix.crt
cert /etc/openvpn/keys/moldex-desktop-trustix.crt
key /etc/openvpn/keys/moldex-desktop-trustix.key
ns-cert-type server
;tls-auth /etc/openvpn/keys/tls-auth.key 1
comp-lzo

client -->
    telco/firewall -->
       internet -->
          my_firewall/nat_2_vpn_server -->
             vpn_server

TIA
grexk


Get the Yahoo! toolbar and be alerted to new email wherever you're surfing.