the100thmonkey

ANSWERED Using mssfix with OpenVPN and ubuntu-network-manager (14.04)


Hi again,

 

So, I understand from reading the forums that manually specifying the MTU size is not recommended (out of curiosity, why?), and that instead I should append "mssfix" with a value obtained by pinging a server with various packet sizes until I find one that does not require fragmentation.

 

The question, then, is how

 

To wit, would someone more knowledgeable than me (that would be practically everyone) be able to tell me which file I should append mssfix to, and its location? I've done a fair bit of searching, and can't seem to locate it. I'd also appreciate it if someone could confirm for me that the correct syntax is "mssfix <numerical value>", with a space instead of an "=".

 

Using Eddie 2.1, I can add the argument to the config under Preferences > Advanced > OVPN directives, but I'm not sure what value is suitable - the MTU size I was previously using on my bodge fix doesn't work (I get stuck in a connection loop and have to exit the program). Nor does a packet size that pinging a website shows to work without requiring fragmentation (1460).

 

I'd rather modify the config files for UNM than work with Eddie, if possible, so in the first instance I'd appreciate some help with ubuntu-network-manager configuration, and failing that some help with the client program.

 

Thanks in advance,

 

the100thmonkey
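
The ping probing described in the post above can be scripted as a binary search. This is an added example, not part of the original thread; it assumes IPv4 and Linux iputils `ping` (where `-M do` sets Don't Fragment), and `PROBE_CMD` is a hypothetical hook for exercising the search without a network.

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that crosses the path
# unfragmented, by binary search over ping payload sizes.

# probe SIZE HOST -> exit status 0 if a SIZE-byte payload gets a reply
# with Don't Fragment set. PROBE_CMD (hypothetical) replaces the real ping.
probe() {
    if [ -n "${PROBE_CMD:-}" ]; then
        "$PROBE_CMD" "$1" "$2"
    else
        ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
    fi
}

# max_df_payload HOST [LOW] [HIGH] -> prints the largest passing payload.
# HIGH defaults to 1472 (1500-byte MTU minus 28 bytes of headers).
# Returns 1 if even LOW fails (host down or ICMP filtered).
max_df_payload() {
    host=$1 lo=${2:-1200} hi=${3:-1472}
    probe "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then
            lo=$mid              # mid passes: answer is mid or larger
        else
            hi=$(( mid - 1 ))    # mid needs fragmenting: answer is smaller
        fi
    done
    echo "$lo"
}

# IPv4 path MTU = payload + 20 (IP header) + 8 (ICMP header).
path_mtu() { echo $(( $1 + 28 )); }

# Run as: sh probe.sh <host>
if [ $# -ge 1 ]; then
    p=$(max_df_payload "$1") || { echo "no reply from $1" >&2; exit 1; }
    echo "largest unfragmented payload: $p (path MTU $(path_mtu "$p"))"
fi
```

Run it with the VPN disconnected so the probe measures the underlying path rather than the tunnel.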


Many pfSense users use mssfix 1400

 

After normal ip overhead and openvpn overhead, if memory serves me well that would allow a tcp packet of I believe 1412 or something. That means an mss clamped to 1400 should never go above that threshold.

 

The reason you can ping 1460 is because of compression. Some of us have found it is better at high bandwidth speeds to avoid the cpu cost that causes.

 

Manually changing your NIC mtu or specifying linkmtu in openvpn is not recommended. You want to use whatever mtu that is supported by your ISP on your NIC; this is most often 1500 (if it is not, then use whatever it is). What you will want to do is specify (wherever you can add openvpn config options, sorry I don't use that program) tunmtu 1500 (don't confuse this with actual mtu) and mssfix 1400. This will direct openvpn not to pass tcp packets larger than 1400. If that does not work, try mssfix 1380 or 1360 etc.

 

Don't confuse yourself trying to understand it, give it a try and see if it helps. As I said, this has been discussed in depth among pfSense users.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!


Correct.

 

tun-mtu 1500 (glad you caught the dash, I was in a rush) is the default and is also what is pushed by the air servers, however it does not hurt to manually specify it when using mssfix. I have seen odd issues in my logs with tun-mtu when not also manually specified. At the very least it hurts nothing, but could help to manually specify it.



Hi,

 

Well, the folks at Ubuntu have fixed the issue with Network Manager importing .ovpn files - an update was pushed a few days ago, it seems.

 

AirVPN through UNM works now with tun-mtu 1500 and mssfix 1400 appended to the config files automatically generated on the website and imported.

 

Thanks for your help - I learned something today.

 

the100thmonkey

