How to configure MTU correctly?
Posted: Fri May 22, 2020 2:29 pm
Hello everyone,
I manage a server farm on Hetzner; one of the components is an OpenVPN server.
Since I switched to vSwitch (a service provided by Hetzner) I started suffering poor performance of OpenVPN connections. For example: slow file transfers, constant disconnects, etc.
My first guess is that I should tune the MTU value; however, the documentation offered is not clear at all. So, I will put the example and hope that the community could point me in the right direction.
The MTU for the network configuration is set to 1400 (this is a requirement by Hetzner). I put an example:
ens19 is the external network. ens20 is the internal one; this same configuration (changing the IP address, obviously) is on other machines in the network.
```
auto ens19
iface ens19 inet static
    address 5.9.XXX.XXX
    netmask 255.255.255.255
    gateway 5.9.XXX.XXX
    pointopoint 5.9.XXX.XXX
    dns-nameservers 172.16.1.2

auto ens20
iface ens20 inet static
    address 172.16.2.101
    netmask 255.255.255.0
    mtu 1400
```
The OpenVPN config has nothing about MTU configuration; anyway, I put it here:
Server Config
```
local 5.9.XXX.XXX
port 443
proto tcp
topology subnet
dev tun0
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key # This file should be kept secret
dh /etc/openvpn/server/dh.pem
server 10.90.0.0 255.255.0.0
client-config-dir /etc/openvpn/server/ccd
keepalive 600 1800
comp-lzo
user openvpn
group nogroup
persist-key
persist-tun
log-append /var/log/openvpn/openvpn-tcp-443.log
verb 6
daemon
writepid /var/run/openvpn-tcp-443.pid
script-security 2
learn-address /etc/openvpn/server/learn-address.sh
crl-verify /etc/openvpn/server/crl.pem
management localhost 7505
```
So, how exactly should I adjust the MTU?
UPD: I also noticed that poor performance occurs only when the connection really hits the vSwitch; if the communication occurs between a client and the VM on the same host where the OpenVPN server is deployed, everything seems to be fine.