Hi Gert,

On Tue, 3 Sep 2024 21:42:23 +0200, Gert Doering wrote ...

> I agree that the decision by Connect to do "1500 byte MTU, but
> generate the ICMP itself" (instead of doing ifconfig with lower MTU)
> is somewhat questionable - but for the application, the net result
> should be the same - packet too big, ICMP message, deal with it.

MacOS is very different from e.g. Linux in this regard. If you set tun-mtu to 1400, the operating system correctly fragments UDP packets larger than the interface MTU, or returns EMSGSIZE to the sendto() call if the DF bit was set on the socket. However, for non-TCP sockets, MacOS doesn't react to a received ICMP Fragmentation needed. PMTU discovery is only available for TCP and I have it enabled:

    net.inet.tcp.path_mtu_discovery: 1

Thus the approach implemented by OpenVPN Connect doesn't work at all on MacOS and results in blackholing of non-TCP packets larger than mssfix.

With kind regards,
MD
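When checking a packet capture for the blackholing described in this message, it helps to decode each ICMP "Fragmentation needed" (type 3, code 4) reply and see which protocol the quoted packet carried. The following is an added example, not code from the thread or from OpenVPN; the function names, addresses and packet sizes are constructed, and the `macos_pmtud_applies` field encodes the message's statement that macOS acts on these replies only for TCP.

```python
import struct

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_frag_needed(icmp: bytes):
    """Decode ICMP type 3 code 4; return None for anything else or a bad checksum."""
    if len(icmp) < 8 + 20:
        return None
    icmp_type, code, _csum, _unused, next_hop_mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4) or checksum(icmp) != 0:
        return None
    # The ICMP payload quotes the IPv4 header of the packet that was too big.
    ver_ihl, _tos, total_len, _id, flags_frag, _ttl, proto = struct.unpack("!BBHHHBB", icmp[8:18])
    if ver_ihl >> 4 != 4:
        return None
    return {
        "next_hop_mtu": next_hop_mtu,
        "orig_len": total_len,
        "orig_df": bool(flags_frag & 0x4000),
        "orig_proto": PROTO_NAMES.get(proto, str(proto)),
        # Assumption taken from the message above: macOS adjusts PMTU only for TCP.
        "macos_pmtud_applies": proto == 6,
    }

def build_frag_needed(proto: int, orig_len: int, mtu: int) -> bytes:
    """Constructed sample: frag-needed quoting a DF IPv4 header plus 8 payload bytes."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, orig_len, 1, 0x4000, 64, proto, 0,
                        bytes([10, 8, 0, 2]), bytes([192, 0, 2, 10])) + bytes(8)
    body = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + inner
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

if __name__ == "__main__":
    for proto in (6, 17):  # constructed TCP and UDP cases, 1450-byte packet, MTU 1400
        print(parse_frag_needed(build_frag_needed(proto, 1450, 1400)))
```

Replies whose quoted packet is not TCP are the ones the message says go unanswered on macOS, so repeated identical replies for the same UDP flow are the pattern to look for.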