Hi,

On Fri, Jun 24, 2022 at 12:52:23PM +0200, Arne Schwabe wrote:
> I still think this is a reasonable change. Yes, it might break in some 
> very obscure setups but for those setups, people can still set the MTU 
> back to 1500. Tap still uses the 1500 default anyway.

It will break all setups that have openvpn "in the path" and something
else that throws away ICMP fragmentation required messages.

Like

  Host A ---(1500)--> OpenVPN --(1400)--> Host B

if Host A sends a 1500 byte packet with DF bit (or IPv6), the network
stack on the OpenVPN server needs to return an ICMP "packet too big"
message.  If that gets lost - and there are too many folks that do throw
away ICMP packets - we have a black hole.


We see this in commercial VPN setups as well - having a large-enough
MTU for the occasional UDP (or whatever else) packet, and ensuring TCP
packets are of the desirable packet size by means of MSS manipulation
is more robust.

So, still NAK on changing the default.  Turning your argument around:
whoever thinks they need this can enable this on their own.

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
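
The black hole described in the mail above, as an added example that is not part of the original message or of OpenVPN's code: a toy model of the Host A --(1500)--> OpenVPN --(1400)--> Host B path. The `Path`, `clamp_mss` and `tcp_send` names and the 40-byte header size are assumptions of this sketch.

```python
from dataclasses import dataclass

HEADERS = 40  # IPv4 (20) + TCP (20) bytes, no options (assumption of this model)

@dataclass
class Path:
    link_mtus: list      # MTU of each link, sender to receiver
    icmp_filtered: bool  # True: ICMP "fragmentation needed" never reaches the sender

    def forward(self, size, df):
        """Return ('delivered', None), ('icmp', mtu) or ('lost', None)."""
        for mtu in self.link_mtus:
            if size > mtu:
                if not df:
                    return ("delivered", None)  # router fragments, data arrives
                return ("lost", None) if self.icmp_filtered else ("icmp", mtu)
        return ("delivered", None)

def clamp_mss(mss, tunnel_mtu):
    """MSS manipulation at the VPN hop: cap the MSS seen in the SYN."""
    return min(mss, tunnel_mtu - HEADERS)

def tcp_send(path, mss, max_tries=5):
    """Send one full-sized segment with DF set, retrying like classic PMTUD."""
    size = mss + HEADERS
    for attempt in range(1, max_tries + 1):
        result, hint = path.forward(size, df=True)
        if result == "delivered":
            return ("ok", size, attempt)
        if result == "icmp":
            size = hint  # sender lowers its path MTU estimate
        # "lost": no signal at all, so the same size is retransmitted
    return ("black hole", size, max_tries)

if __name__ == "__main__":
    filtered = Path([1500, 1400], icmp_filtered=True)
    working = Path([1500, 1400], icmp_filtered=False)
    print(tcp_send(working, 1460))                     # PMTUD recovers
    print(tcp_send(filtered, 1460))                    # ICMP dropped: stalls
    print(tcp_send(filtered, clamp_mss(1460, 1400)))   # MSS clamped: fits
    print(filtered.forward(1500, df=True))             # large DF datagram, 1400 hop
    print(Path([1500, 1500], True).forward(1500, df=True))  # same, 1500 hop
```

The last two calls show the non-TCP case: a 1500-byte datagram with DF set has no MSS to adjust, so it only gets through when the tunnel MTU itself is large enough.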
