Most VPN's I've worked with dropped the MTU to 1300 for that very reason. I'd give it a try and see what happens. One thing I would check to see is if OpenVPN also effects the MTU of the physical interface being used, and if it permanently changes it. I ran into an issue where an application would randomly quit working. After doing some digging I found that Cisco AnyConnect had reconfigured the MTU on my wired NIC to 1300, even when the tunnel was disabled.
On Wed, Jun 15, 2016 at 1:46 PM, Karl Fife <[email protected]> wrote: > Has anyone had success adjusting MTU on OpenVPN tunnel adapters to deal > with loss amplification across tunnel networks? > > By default the MTU on an openVPN adapter(s) are set to 1500, but it seems > that performance in lossy conditions might be dramatically improved by > changing the MTU to something smaller to prevent packet fragmentation > across the tunnel network (e.g. to account for the encrypted packet's IP > overhead, such that one packet could be encapsulated by one packet of the > tunnel network). It seems that if the MTU's are the same, one would > invariably end up with frequent fragmentation, greatly increasing the > packet loss amplification on lossy (e.g. wireless) networks, and > exaggerated falloff of application performance as packet loss increases. > This is also consistent with what I observe. > > I understand that this artificial constraint would result in lower > performance in high quality connections, but am I on the right track to > dealing with performance on lossy networks? If this is conceptually > correct, so would I also need to explicitly tell OpenVPN not to fragment in > general? Any big-picture guidance would be much appreciated. > > > > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > -- Heath Barnhart Network Administrator Kansas Research and Education Network 2029 Becker Drive, Suite 282 Lawrence, KS 66047 (785)856-9820 ext 9815 [email protected] _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
