#13967 (NatNetwork limits mtu) – Oracle VM VirtualBox

VPN provider: ExpressVPN Connection type: tun Host types: Debian-based, in this case an ESXi VM, but in the past a QNAP with the same behaviour. Policy route method: LAN rule out, by source IP, specifies gateway to be interface of OpenVPN connection, also tags with and is matched on a floating rule on WAN to be dropped (to act as killswitch). Later you say you have a VPN that the packets are coming in on. What is the MTU on the VPN? You also say: But strangely, when I change the mtu to 1200, i get packet loss between 30% and 100%, sometimes fragmenting the packets, sometimes not… I assume this is the VPN? Or is it on the FreeBSD host? This is where Wireshark can come in handy. So unless openvpn is started from a session where the memlock limit is increased to a large enough value, do not drop privileges when using mlock. The required limit is dependent on client config, libraries linked in etc., but 100MB should good enough -- I see a virtual memory peak of 55MB for an instance running here and 27 MB for another. openvpnのmssの設定を修正する. openvpnでは、mssと呼ばれる値を設定する必要があります。mssは、mtuから40を引いた値です。 たとえば、mtuが1340の場合、mssは1300です。

I used mtu-test on the client and determined that the MTU size is 997. Using this, I tried the settings (using UDP) tun-mtu 1500. fragment 1000. mssfix. and I'm happy to report that the connection is stable, and fairly fast. Not as fast as the PPTP VPN, but not bad (about 2/3 the speed by unscientific and subjective measures)

VPN provider: ExpressVPN Connection type: tun Host types: Debian-based, in this case an ESXi VM, but in the past a QNAP with the same behaviour. Policy route method: LAN rule out, by source IP, specifies gateway to be interface of OpenVPN connection, also tags with and is matched on a floating rule on WAN to be dropped (to act as killswitch). Later you say you have a VPN that the packets are coming in on. What is the MTU on the VPN? You also say: But strangely, when I change the mtu to 1200, i get packet loss between 30% and 100%, sometimes fragmenting the packets, sometimes not… I assume this is the VPN? Or is it on the FreeBSD host? This is where Wireshark can come in handy. So unless openvpn is started from a session where the memlock limit is increased to a large enough value, do not drop privileges when using mlock. The required limit is dependent on client config, libraries linked in etc., but 100MB should good enough -- I see a virtual memory peak of 55MB for an instance running here and 27 MB for another. openvpnのmssの設定を修正する. openvpnでは、mssと呼ばれる値を設定する必要があります。mssは、mtuから40を引いた値です。 たとえば、mtuが1340の場合、mssは1300です。

OpenVPN / [Openvpn-users] how to troubleshoot mtu settings

Both peers > run OpenVPN 1.5.0. > > I initially suspected a wrong MTU setting but using > the values proposed by mtu-test did not fix the > problem. > This is a portion of my config file (both peers use > the same mtu, dev, proto settings) : > > proto udp > dev tun0 > ifconfig 192.168.2.10 192.168.2.100 > link-mtu 1293 Try getting rid of the Additionally, some PCs may use several Network Adapters or a VPN client adapter on one PC so you must verify you are changing the Network Adapter associated with your broadband service or VPN client. • The built in PPPoE client for Windows XP uses an MTU that is set to 1480.