Setting correct MTU for OpenVPN
Home/Troubleshooting/Setting correct MTU for OpenVPN
Table of Contents
Symptoms of incorrect MTU
Identifying correct MTU
Setting the MTU
VPN connections can be sensitive to incorrect/low MTU set within your network, or on networks between you and your server. It is important that the correct MTU is set, to ensure fast and error-free VPN performance.
Symptoms of incorrect MTU
Slow VPN performance
Incomplete page load of resources via HTTP over VPN (ie. PHPMyAdmin, Munin, Monit etc.) Eg.
Only the page title loaded in the browser
Partial/incomplete page load, missing CSS/JSS
Identifying correct MTU
Discovering the correct MTU is very straightforward and can be achieved using ping, use the respective following commands (change www.example.com to suit)
On Windows
ping -n 1 -l 1500 -f www.example.com
On Linux
ping -M do -s 1500 -c 1 www.example.com
On OSX
ping -D -v -s 1500 -c 1 www.example.com
Decrease the 1500 value by 10 each time, until the ping succeeds. Once the ping succeeds, the value used is the MTU you should use.
Setting the MTU
OpenVPN requires a value called the MSS to be set. The MSS is the value for the MTU minus 40).
Eg. If your MTU is 1460, your MSS is 1420
MSS = MTU – 40
MSS = 1460 – 40
MSS = 1420
To set the MSS for OpenVPN, in your OpenVPN configuration file (the file originally sent ending in .ovpn), add the following configuration line (replacing 1420 with the appropriate value).
mssfix 1420
Sobre o Autor