Hi Antonio, on MacOS, ICMP Fragmentation needed messages only work for TCP protocol. They are never delivered to any UDP application. For this reason, sending ICMP messages is useless for anything else than TCP on MacOS.
But the main problem here is, that mssfix OpenVPN config option was intended to manipulate solely the MSS parameter in TCP SYN packets and nothing else. It's completely valid approach to configure OpenVPN to send TCP traffic without fragmentation by reducing MSS, but allow full 1500-byte packets for UDP and other protocols. To prevent fragmentation for *all* protocols, tun-mtu should be lowered instead. But for unknown reason, OpenVPN Connect tries to (ab)use completely unrelated config option to achieve the same effect, unfortunately its implementation is not suitable for all operating systems. With kind regards, MD On Tue, 3 Sep 2024 15:53:36 +0200, Antonio Quartulli wrote > Hi Marian, > > I am back on this topic. > > On 17/05/2024 08:10, Marian Ďurkovič wrote: > > [...] > > > Perhaps someone from this group could explain to OpenVPN Connect > > developers, that breaking OpenVPN and basic networking principles is never > > a good idea... > > since QUIC packets come with the DF bit set and OpenVPN is sending > back an ICMP packet-too-big, why isn't QUIC just handling that? IT > seems QUIC is ignoring the ICMP message? > > You said OpenVPN Connect is blackholing the packets, but it is > actually sending the ICMP back, so I don't think it can truly be > considered as such. Wouldn't you agree? > > Cheers, > > -- > Antonio Quartulli _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
