Even if they fix the PMTU issues, I'm not sure OpenVPN supports PMTUD (based on my own testing) so I think it is probably best if you either a) support IPv6 natively, b) reduce your MTU to accommodate NAT64 or c) use TCP transport so that TCP MSS rewriting can fix your problem. Either way, I am just giving you what works for me, so you're free to take the advice or leave it.
Cheers KM -----Original Message----- From: Frank [mailto:ve2...@ve2cii.com] Sent: September 26, 2018 09:43 To: Kristian McColm <kristianmcc...@hotmail.com>; j.witvl...@mindef.nl; g...@greenie.muc.de Cc: aleksandar.ivanise...@2e-systems.com; openvpn-users@lists.sourceforge.net Subject: Re: [Openvpn-users] iphone7 with keynote Hi, The server is ours. And I look after it so I can so what I want. I think it is best to wait till Rogers straightens out their issues, rather than trying to fix someone else's problems. On 9/26/18 09:23, Kristian McColm wrote: > Hi Frank, > > If you have access to the server configuration, try setting link-mtu 1440. > Rogers had an MTU of 1460 previously but recently migrated all their iPhone > devices to IPv6 only, which requires NAT64 if your VPN server is IPv4-only. > This reduces the MTU by 20 bytes. There appear to be issues with path MTU > discovery on UDP on Rogers right now, and I am not sure about OpenVPN PMTUD > support, but make sure your server (if it is yours) can support PMTUD to be > on the safe side. > > Regards > Kristian > > > -----Original Message----- > From: Frank [mailto:ve2...@ve2cii.com] > Sent: September 26, 2018 08:51 > To: j.witvl...@mindef.nl; g...@greenie.muc.de > Cc: aleksandar.ivanise...@2e-systems.com; > openvpn-users@lists.sourceforge.net > Subject: Re: [Openvpn-users] iphone7 with keynote > > I want to thank everyone for the help. At this point it looks like > Rogers is having issues with their support of vpn on their routers/switches. > Lots of complaints. So I removed the mtu change from the client and am just > using whatever it uses for default. So i am saying that this issue has been > solved and am waiting for Rogers to fix their network. Thanks again. > > On 9/26/18 03:22, j.witvl...@mindef.nl wrote: >> You are aware that setting the MTU is dangerous? >> In case some part of your route requires a lower MTU, you're screwed. >> If you dictate a value of 1492, it will do so, even if an other router only >> can handle 1300.... >> >> >> -----Original Message----- >> From: Frank [mailto:ve2...@ve2cii.com] >> Sent: dinsdag 25 september 2018 18:50 >> To: Gert Doering >> Cc: Aleksandar Ivanisevic; openvpn-users@lists.sourceforge.net >> Subject: Re: [Openvpn-users] iphone7 with keynote >> >> Hi, (Another issue) >> >> I got the profile imported and working. I made some changes to >> the myvpn.ovpn file as follows and I am still getting this error at >> the server: >> >> Tue Sep 25 12:45:46 2018 read UDPv4 [EMSGSIZE Path-MTU=1440]: Message >> too long (code=90) Tue Sep 25 12:45:46 2018 read UDPv4 [EMSGSIZE >> Path-MTU=1440]: Message too long (code=90) >> >> Seems it is not taking the mtu size changes >> >> I added this to my myvpn.ovpn file tun-mtu 1492 mssfix 1400 >> >> >> On 9/25/18 11:23, Gert Doering wrote: >>> Hi, >>> >>> On Tue, Sep 25, 2018 at 10:11:47AM -0400, Frank wrote: >>>> I tried this (successfully imported the files as a .ovpn12 >>>> file) and am stuck. It is still looking for the .key and .crt files. >>>> >>>> My myvpn.ovpn file contains: >>>> >>>> ca ca.crt >>>> cert ve2cii_iphone7.crt >>>> key ve2cii_iphone7.key >>>> >>>> I think I need to change this to point to the .ovpn12 file?? I am >>>> not sure. >>> The easiest way is to just include the files into the .ovpn file >>> >>> <ca> >>> (include the content of ca.crt here, "exactly as it is in the >>> ca.crt file") </ca> <cert> >>> (include the content of ve2cii_iphone7.crt here) </cert> <key> >>> (include the content of ve2cii_iphone7.key here) </key> >>> >>> and remove the "ca/cert/key" lines pointing to external files. >>> >>> gert >>> >>> >> >> _______________________________________________ >> Openvpn-users mailing list >> Openvpn-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/openvpn-users >> >> Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u >> niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, >> wordt u verzocht dat aan de afzender te melden en het bericht te >> verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van >> welke aard ook, die verband houdt met risico's verbonden aan het >> elektronisch verzenden van berichten. >> >> This message may contain information that is not intended for you. If you >> are not the addressee or if this message was sent to you by mistake, you are >> requested to inform the sender and delete the message. The State accepts no >> liability for damage of any kind resulting from the risks inherent in the >> electronic transmission of messages. >> > > > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-users _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
