Hi, On Wed, Jul 30, 2014 at 11:29:18AM +0200, Julien Muchembled wrote: > > I know that part, but the ICMP packets are seen by the kernel, not by > > OpenVPN. So how does the information arrive in OpenVPN? sendto() fails, > > but how does OpenVPN know which max message size will be acceptable? > > Although I didn't try all MTU-related options of OpenVPN, it seems to > ignore EMSGSIZE.
Well, handling that error will not lead anywhere, as it just tells us
"the packet got lost, because it was too big". More interesting is the
information "so, how big is 'not too big'" and that won't be in the
error code, but most likely in ancilliary socket data.
I'll go and find out...
> It's not something I planned to study immediately and I don't know how to get
> the maximum message size programmatically (I could look at the code of ping).
>
> What I can say is by only adding '--mtu-disc yes' option, the MTU of the
> tun/tap interface remains 1500 and does not change automatically to anything
> else. If a packet is small enough for mtu=1500 but too big for the underlying
> network, then it's simply dropped.
We won't change the interface MTU (because on half the platforms, we can't,
or it won't have an effect), but OpenVPN is likely to fragment internally.
So "--mtu-disc yes" would need to go along with "--fragment".
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgphuoJnddiNG.pgp
Description: PGP signature
