Hi, On Tue, Jul 23, 2019 at 05:34:47PM +0300, Lev Stipakov wrote: > From: Lev Stipakov <l...@openvpn.net> > > This is the 2.4 backport of master patch (commit d22ba6b). > > NCP negotiation replaces worst cast crypto overhead > with actual one in data channel frame. That frame > params are used by mssfix. > > Fragment frame still contains worst case overhead. > Because of that TCP packets are fragmented, since > MSS value exceeds max fragment size. > > Fix by replacing worst case crypto overhead with > actual one for fragment frame, as it is done for data > channel frame.
Thanks for the backport.
Unfortunately, I can not reproduce the problem *without* the patch,
so I wonder if the issue got fixed by something else as side-effect?
If I do what you describe in the ticket:
run
openvpn --fragment 1300 --mssfix
and grep out the MSS lines, I get (for IPv4, IPv6 numbers are -20 bytes):
with NCP: MSS: 1460 -> 1203
--ncp-disable: MSS: 1284 -> 1211
... and the very same numbers from master...
OpenVPN versions tested:
OpenVPN 2.4.7 [git:release/2.4/416532f8e4125adb+]
OpenVPN 2.5_git [git:master/b5fe104ddbbdf59b+]
So, I'm wondering how to proceed here...
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
