Hello, I asked about --link-mtu in #openvpn on Freenode and was sent here.
The documentation states "Sets an upper bound on the size of UDP packets which are sent between OpenVPN peers." and it isn't entirely clear if this is the UDP payload or the entire packet. So assuming a link (path) MTU of 1500 do I need to use --link-mtu 1500 or --link-mtu 1472 to prevent fragmentation? It would be nice if the documentation could be enhanced to make that clear (I could write a patch when I know which interpretation is correct). The default MTU on the tun interface also has me confused. Why is it 1500 which will definitely cause fragmentation on a link with default MTU 1500. Shouldn't it default to the result of --link-dest 1500 (or 1472, see above) which seems to subtract ~100 for OpenVPN overhead? OpenVPN seems to adapt MSS for TCP traffic to circumvent MTU problems (not sure how the correct MSS is calculated, but it seems to work fine), but this doesn't help when tunneling UDP traffic which caused fragmentation in my case. And lastly, how does path MTU discovery work with OpenVPN? The --mtu-disc seems not to work as expected. =yes sets the DF-flag which then just drops all packets > PMTU, breaking PMTUD for all traffic over the tunnel. The other two options seem to have no effect. I only found [1]. How is --mtu-disc supposed to work and when and how should it be used? Shouldn't PMTUD be used to detect the link MTU and then set the corresponding MTU (minus overhead) of the tun interface to prevent fragmentation automatically? Or is this not possible? Regards Simon [1]: https://community.openvpn.net/openvpn/ticket/375 -- + privacy is necessary + using gnupg http://gnupg.org + public key id: 0x92FEFDB7E44C32F9
signature.asc
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
