?
Solved

Netgear DG834G and OpenVPN

Posted on 2005-04-05
4
Medium Priority
?
2,100 Views
Last Modified: 2008-01-09
Got a problem with this.

I have OpenVPN working internally between machines and I now need to get this working between an external and internal machine.   OpenVPN uses port 1194 by default so it should be a simple matter of adding a port routing on the router to send all UDP 1194 packets to the VPN server internally (outgoing packets are now restricted).

When trying from the outside, the router is getting the client packets and apparently passing them on to the server (from the router log), but the server is either not getting them or ignoring them.

I noticed that the OpenVPN standard MTU is 1500 but the router for some reason is set to 1458.
Both the client and server configuration use the default 1500.

I presume if the MTU is smaller on the router, then the server may not be getting the full 1500 packet sent.
Any idea why the router may have a smaller 1458 size?

What's the downside of the reduding the OpenVPN MTU to match the router?

Thanks
Gary
0
Comment
Question by:countytechnologies
  • 2
  • 2
4 Comments
 
LVL 13

Expert Comment

by:td_miles
ID: 13715574
the reason for the MTU being less is to allow for extras added by the packet headers.

http://www.experts-exchange.com/Operating_Systems/Win2000/Q_10335578.html

I would suggest changing your MTU on OpenVPN. It is trying to use the 1500 MTU that is standard for ethernet.

0
 

Author Comment

by:countytechnologies
ID: 13715661
The OpenVPN documents suggest leaving the standard 1500 MTU but using something called fragment size?

So in the config file:
 dev tun
 tun-mtu 1500
 fragment 1400
 mssfix

However, I would guess that if the router is set to 1458, then somethings going to get lost?
Any comments?
0
 
LVL 13

Accepted Solution

by:
td_miles earned 2000 total points
ID: 13733342
This was a discussion that I had with lrmoore previously on the same topinc:

http://www.experts-exchange.com/Security/Firewalls/Q_21034711.html

You shouldn't have this problem though, as your OpenVPN client should be able to fragment the packets before it encrypts them. I would try setting the tun-mtu to the MTU of your router and then  the fragment setting a bit lower than that.

The only consequence of this if it works is that you mave have slightly less thoughput than you might with higher MTU's as more packets will be framented, resulting in more overhead.
0
 

Author Comment

by:countytechnologies
ID: 13750912
Thanks for all the info.   Its been an interesting trip getting this to work.
In the end, I discovered I could increase the MTU on the router to 1500, so all standard now and working.

I have to say that the MTU settings do seem a little restrictive when creating VPNs over the internet. Presumably at some stage I'm going to be attached to an internet connection where some router, somewhere is going to have an MTU less than 1500!   Is this a problem in reality?

Many thanks
G.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question