On 05.03.25 at 17:08, Dan Langille wrote:
I would be curious to see if you are able to send traffic directly from host to host without any VPN involved, though I think simply testing the remote end's ability to download a large file successfully could be more important. The hosts have been in place for years. This is not a new VPN - it's been around about 10 years. What is new: the gateway. It was replaced. It went from pfSense to vanilla FreeBSD. I think I'm missing some of the magic pfSense did in the configuration.
Hi Dan,

This smells like packet size. Standard ICMP (ping) packets are too small to see anything. Did you fiddle with max-mtu/link-mtu in the OpenVPN config?

Try to perform Path MTU Discovery manually (ping -M do -s xxxx <client address>). Then on the client side set OpenVPN *link-mtu* value to the actual MTU minus 28. Or rely on OpenVPN to discover the correct value by using mtu-test in the client config.

The ping will fail for me on xxxx=1474 and suffice on xxxx=1472 against one of my OpenVPN clients.

https://www.reddit.com/r/networking/comments/18b3y8h/packet_size_issues_over_vpn/
https://community.zyxel.com/en/discussion/14013/ssl-vpn-disconnect-due-to-invalid-packet-size

Regards,
Udo
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
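
The manual Path MTU Discovery suggested in the reply above, automated as a binary search over the ping payload size; this is an added example, not part of the original thread. It assumes IPv4 and Linux iputils ping (the -M do syntax quoted in the message); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: binary-search the largest ICMP payload that passes with
# the Don't Fragment bit set, i.e. the "xxxx" in: ping -M do -s xxxx <addr>.

# Real probe: one echo request with DF set (Linux iputils ping syntax).
# A single lost packet looks like "too big", so rerun if the result is odd.
probe_ping() {  # $1 = target, $2 = payload size in bytes
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_max_payload PROBE TARGET [LO] [HI]
# Prints the largest size in [LO, HI] for which PROBE succeeds.
# Fails with status 1 if even LO does not pass (host down, ICMP filtered).
# The body is a subshell, so variables stay local and exit leaves only it.
find_max_payload() (
    probe=$1 target=$2 lo=${3:-0} hi=${4:-9000}
    "$probe" "$target" "$lo" || exit 1
    # Invariant: lo is known to pass; sizes above hi are known to fail.
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$target" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
)

# IPv4 path MTU = ICMP payload + 8 (ICMP header) + 20 (IPv4 header, no options).
payload_to_mtu() { echo $(( $1 + 28 )); }

# Probe a real host only when a target is given on the command line.
if [ "$#" -ge 1 ]; then
    max=$(find_max_payload probe_ping "$1") || { echo "no reply from $1" >&2; exit 1; }
    echo "largest DF payload: $max  path MTU: $(payload_to_mtu "$max")"
fi
```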