I can ping through the tunnel, but any real work causes it to lock up. Is this an MTU problem?
Probably. It's best to change the mssfix parameter rather than directly changing the MTU of the TUN/TAP adapter. For example:
You could also combine this with:
Note however that fragment will exact a performance penalty.
Common values to try for mssfix/fragment: 1200, 1300, or 1400.
Note that while mssfix only needs to be specified on one side of the connection, fragment should be specified on both