countytechnologies

Netgear DG834G and OpenVPN

Got a problem with this.

I have OpenVPN working internally between machines and I now need to get this working between an external and internal machine. OpenVPN uses port 1194 by default so it should be a simple matter of adding a port routing on the router to send all UDP 1194 packets to the VPN server internally (outgoing packets are now restricted).

When trying from the outside, the router is getting the client packets and apparently passing them on to the server (from the router log), but the server is either not getting them or ignoring them.

I noticed that the OpenVPN standard MTU is 1500 but the router for some reason is set to 1458.
Both the client and server configuration use the default 1500.

I presume if the MTU is smaller on the router, then the server may not be getting the full 1500 packet sent.
Any idea why the router may have a smaller 1458 size?

What's the downside of reducing the OpenVPN MTU to match the router?

Thanks
Gary
td_miles

The reason for the MTU being less is to allow for extras added by the packet headers.

https://www.experts-exchange.com/questions/10335578/MTU-setting.html

I would suggest changing your MTU on OpenVPN. It is trying to use the 1500 MTU that is standard for ethernet.

ASKER

The OpenVPN documents suggest leaving the standard 1500 MTU but using something called fragment size?

So in the config file:
 dev tun
 tun-mtu 1500
 fragment 1400
 mssfix

However, I would guess that if the router is set to 1458, then something's going to get lost?
Any comments?
ASKER CERTIFIED SOLUTION
td_miles

This solution is only available to members.
Thanks for all the info. It's been an interesting trip getting this to work.
In the end, I discovered I could increase the MTU on the router to 1500, so all standard now and working.

I have to say that the MTU settings do seem a little restrictive when creating VPNs over the internet. Presumably at some stage I'm going to be attached to an internet connection where some router, somewhere is going to have an MTU less than 1500! Is this a problem in reality?

Many thanks
G.