tun-mtu setting

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
MatejKovacic
OpenVPN User
Posts: 44
Joined: Wed Jun 19, 2013 9:43 am

tun-mtu setting

Post by MatejKovacic » Wed Jun 19, 2013 9:48 am

Hi, I have set up OpenVPN server and in server config file I have set:
tun-mtu 1450

I restart openvpn service (OS: Ubuntu, service openvpn restart) and after that I try to connect to server with a client (Ubuntu client also).

Connection is successful, but when I check MTU on a client (ifconfig tun0), it says MTU is 1500.

What could be wrong?
Top
User avatar
maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:
Contact maikcat

Re: tun-mtu setting

Post by maikcat » Fri Jun 21, 2013 6:40 am

can you please post configs/logs?

Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)

"objects in mirror are losing"
Top
MatejKovacic
OpenVPN User
Posts: 44
Joined: Wed Jun 19, 2013 9:43 am

Re: tun-mtu setting

Post by MatejKovacic » Fri Jun 21, 2013 10:07 am

port 443
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/Server.crt
key /etc/openvpn/keys/Server.key
dh /etc/openvpn/keys/dh4096.pem
tls-auth /etc/openvpn/keys/ta.key 0
crl-verify /etc/openvpn/keys/crl.pem
server 10.10.5.0 255.255.255.0
persist-key
persist-tun
ifconfig-pool-persist /etc/openvpn/ipp.txt
topology subnet
push "topology subnet"
push "redirect-gateway def1"
push "dhcp-option DNS 10.10.5.1"
persist-key
persist-tun
tun-mtu 1450
mtu-disc maybe
user nobody
group nogroup
client-config-dir /etc/openvpn/ccd
comp-lzo yes
push "comp-lzo yes"
keepalive 10 120
verb 4
status /var/log/openvpn/status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log

BTW, this config is working, but users with iPads cannot login. Log file says:

VERIFY OK: depth=0, /C=SI/ST=SI/L=***/O=***/CN=***/name=***/emailAddress=***
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
Fatal TLS error (check_tls_errors_co), restarting
SIGUSR1[soft,tls-error] received, client-instance restarting
TCP/UDP: Closing socket
Top
makaveli6103
OpenVpn Newbie
Posts: 4
Joined: Wed Mar 12, 2014 4:03 am

Re: tun-mtu setting

Post by makaveli6103 » Wed Mar 12, 2014 3:50 pm

MatejKovacic wrote:port 443
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/Server.crt
key /etc/openvpn/keys/Server.key
dh /etc/openvpn/keys/dh4096.pem
tls-auth /etc/openvpn/keys/ta.key 0
crl-verify /etc/openvpn/keys/crl.pem
server 10.10.5.0 255.255.255.0
persist-key
persist-tun
ifconfig-pool-persist /etc/openvpn/ipp.txt
topology subnet
push "topology subnet"
push "redirect-gateway def1"
push "dhcp-option DNS 10.10.5.1"
persist-key
persist-tun
tun-mtu 1450
mtu-disc maybe
user nobody
group nogroup
client-config-dir /etc/openvpn/ccd
comp-lzo yes
push "comp-lzo yes"
keepalive 10 120
verb 4
status /var/log/openvpn/status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log

BTW, this config is working, but users with iPads cannot login. Log file says:

VERIFY OK: depth=0, /C=SI/ST=SI/L=***/O=***/CN=***/name=***/emailAddress=***
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
Fatal TLS error (check_tls_errors_co), restarting
SIGUSR1[soft,tls-error] received, client-instance restarting
TCP/UDP: Closing socket
I am getting this same problem when trying to connect with my iPad. I cannot figure it out or find the answer.
Top
Post Reply

Return to “Configuration”