Hi,
On 29/10/18 18:08, Gert Doering wrote:
Hi,
On Mon, Oct 29, 2018 at 05:40:04PM +0100, Jan Just Keijser wrote:
So, the '32' is easily explained. However, the rest of the MTU
calculation baffles me.
Part of this is "peer-id" (+3 bytes) and "the theoretical maximum
crypto + hmac overhead" which 2.3 calculates "for the cipher chosen"
and 2.4 needs to calculale for the worst-case cipher+auth, since it does
not know what the server will push.
In other words, you do not want to know :-) - and the whole "match
configured client/server tun-mtu/link-mtu OCC thingie" is a real nuisance.
so I now understand the client MTU:
openvpn 2.3.18 -> mtu = 1431
openvpn 2.4.6 -> mtu = 1428 which accounts for peer-id (+3)
but the *server* mtu?!?!?! I would have expected that with
--ncp-disable added I would end up with more or less the same MTU as
with the 2.3 code. Instead I see
openvpn 2.3.18 -> mtu = 1431
openvpn 2.4.6 -> mtu = 1379
which is 62 bytes LESS , so even with peer-id subtracted (does it apply
to the server MTU?) I end up with 59 bytes unaccounted for *in tun mode*.
cheers,
JJK
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
