Top posting: This is exactly right - many ISP's are *NOT* generating/returning the ICMP "Fragmentation needed" responses - in which case, your reliance on PMTU will result in a completely failed connection. [For my users, at least, that's the *MOST UNDESIRABLE* option of any.]
Using a smaller MTU than the maximum available does make transmissions slightly more inefficient. [Less data in each packet, and a fixed header, means that the data:header ratio gets worse.] But hey, slightly decreased efficiency vs no-worky [along with upset, frustrated users, upset frustrated IT folk, missed opportunities, calls while I'm on vacation etc.] Well, given my life, I'll choose the slightly-less-efficient-and-worky-all-the-time-without-hassle-every-single-time choice. -Greg KM> Even if they fix the PMTU issues, I'm not sure OpenVPN supports KM> PMTUD (based on my own testing) so I think it is probably best if KM> you either a) support IPv6 natively, b) reduce your MTU to KM> accommodate NAT64 or c) use TCP transport so that TCP MSS KM> rewriting can fix your problem. Either way, I am just giving you KM> what works for me, so you're free to take the advice or leave it. KM> Cheers KM> KM KM> -----Original Message----- KM> From: Frank [mailto:ve2...@ve2cii.com] KM> Sent: September 26, 2018 09:43 KM> To: Kristian McColm <kristianmcc...@hotmail.com>; KM> j.witvl...@mindef.nl; g...@greenie.muc.de KM> Cc: aleksandar.ivanise...@2e-systems.com; KM> openvpn-users@lists.sourceforge.net KM> Subject: Re: [Openvpn-users] iphone7 with keynote KM> Hi, KM> The server is ours. And I look after it so I can so what I KM> want. I think it is best to wait till Rogers straightens out KM> their issues, rather than trying to fix someone else's problems. KM> On 9/26/18 09:23, Kristian McColm wrote: >> Hi Frank, >> If you have access to the server configuration, try setting link-mtu 1440. >> Rogers had an MTU of 1460 previously but recently migrated all their iPhone >> devices to IPv6 only, which requires NAT64 if your VPN server is IPv4-only. >> This reduces the MTU by 20 bytes. There appear to be issues with path MTU >> discovery on UDP on Rogers right now, and I am not sure about OpenVPN PMTUD >> support, but make sure your server (if it is yours) can support PMTUD to be >> on the safe side. >> Regards >> Kristian
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
