Hi,

> with NCP:      MSS: 1460 -> 1203
> --ncp-disable: MSS: 1284 -> 1211
>
> ... and the very same numbers from master...
>


> So, I'm wondering how to proceed here...
>

As it turns out, the fix is correct but the explanation is not quite clear.

The problem is not in an incorrect MSS value (it is correct), but
inside openvpn's fragmentation logic, which decides
"to fragment or not to fragment".

Without this patch, the fragmentation logic incorrectly uses the max crypto
overhead when calculating packet size. It exceeds the fragment size and
openvpn performs fragmentation:

> sudo tcpdump port 1194
13:59:06.956394 IP server.fi.openvpn > nat2.panoulu.net.openvpn: UDP, length 652
13:59:06.956489 IP server.fi.openvpn > nat2.panoulu.net.openvpn: UDP, length 648

With this patch, the actual crypto overhead is used and no unnecessary
fragmentation is performed:

> sudo tcpdump port 1194
13:58:08.685915 IP server.fi.openvpn > nat2.panoulu.net.openvpn: UDP, length 1272
13:58:08.686007 IP server.fi.openvpn > nat2.panoulu.net.openvpn: UDP, length 1272

I will send v3 with a better explanation.

-- 
-Lev
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
