I'm trying to figure out how to properly configure OpenVPN's MTU setting(s)...
The manual states to leave the default settings alone and let OpenVPN handle everything...
Sets an upper bound on the size of UDP packets which are sent between OpenVPN peers. It’s best not to set this parameter unless you know what you’re doing.
Take the TUN device MTU to be n and derive the link MTU from it (default=1500). In most cases, you will probably want to leave this parameter set to its default value.
The MTU (Maximum Transmission Units) is the maximum datagram size in bytes that can be sent unfragmented over a particular network path. OpenVPN requires that packets on the control or data channels be sent unfragmented.
The remote server sets the following values:
The connection over which the OpenVPN connection is established is able to transmit at a maximum MTU size of 1500 bytes.
I assume link-mtu sets the final maximum packet size OpenVPN will be using?
So 1557 is too large?
The connection log shows:
OPTIONS IMPORT: adjusting link_mtu to 1624
Which is even larger?
To get a link mtu of 1500 I have to use 1376 as tun mtu.
Setting link mtu directly to 1500 doesn't work, as the server can push options that change the MTU.
I don't have the exact message...but it was something like:
WARNING: adjusting tun/link mtu to < value - 3 > (because of peerid), expect MTU issues.
But setting the tun MTU (to 1376) seems to work fine... but is this the proper way to do it?
It also seems like OpenVPN doesn't automatically adjust the mssfix option along with the tun/link MTU changes?
With a tun mtu of 1376 (which does set the MTU of the tun interface itself to 1376) cake showed a max packet value of 1450. MSS clamp is also turned on in the firewall's zone setting.
Is it because cake "sees" the packet before TCP has settled the final MSS value?
Which brings me to my next question.
What overhead and MPU setting should be set for cake?
124? (1624-1500 = 124 / 1500 - 1376 = 124)
Or 142? 124 + Ethernet Header (18)?
The VPN traffic is encapsulated in Ethernet (18 bytes) + IP Header (20 bytes) + UDP Header (8 bytes) = 46 bytes + the overhead from OpenVPN itself? Which is 96 bytes? (124-28)
What about the minimum packet size? Minimum packet size for Ethernet seems to be 64 bytes.
So is it 64 + 28 = 92? Or is it 64 + 124 = 188? Or 64 + 142 = 206?
And is it possible to pass the link / tun MTU value to an OpenVPN custom hotplug script?
I know there is /etc/openvpn.user but does it only support $ACTION and $INTERFACE?