tun-mtu setting
Posted: Wed Jun 19, 2013 9:48 am
by MatejKovacic
Hi, I have set up an OpenVPN server and in the server config file I have set:
tun-mtu 1450
I restart the openvpn service (OS: Ubuntu, service openvpn restart) and after that I try to connect to the server with a client (also an Ubuntu client).
The connection is successful, but when I check the MTU on the client (ifconfig tun0), it says the MTU is 1500.
What could be wrong?
Re: tun-mtu setting
Posted: Fri Jun 21, 2013 6:40 am
by maikcat
Can you please post configs/logs?
Michael.
Re: tun-mtu setting
Posted: Fri Jun 21, 2013 10:07 am
by MatejKovacic
port 443
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/Server.crt
key /etc/openvpn/keys/Server.key
dh /etc/openvpn/keys/dh4096.pem
tls-auth /etc/openvpn/keys/ta.key 0
crl-verify /etc/openvpn/keys/crl.pem
server 10.10.5.0 255.255.255.0
persist-key
persist-tun
ifconfig-pool-persist /etc/openvpn/ipp.txt
topology subnet
push "topology subnet"
push "redirect-gateway def1"
push "dhcp-option DNS 10.10.5.1"
persist-key
persist-tun
tun-mtu 1450
mtu-disc maybe
user nobody
group nogroup
client-config-dir /etc/openvpn/ccd
comp-lzo yes
push "comp-lzo yes"
keepalive 10 120
verb 4
status /var/log/openvpn/status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
BTW, this config is working, but users with iPads cannot log in. The log file says:
VERIFY OK: depth=0, /C=SI/ST=SI/L=***/O=***/CN=***/name=***/emailAddress=***
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
Fatal TLS error (check_tls_errors_co), restarting
SIGUSR1[soft,tls-error] received, client-instance restarting
TCP/UDP: Closing socket
Re: tun-mtu setting
Posted: Wed Mar 12, 2014 3:50 pm
by makaveli6103
MatejKovacic wrote:
port 443
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/Server.crt
key /etc/openvpn/keys/Server.key
dh /etc/openvpn/keys/dh4096.pem
tls-auth /etc/openvpn/keys/ta.key 0
crl-verify /etc/openvpn/keys/crl.pem
server 10.10.5.0 255.255.255.0
persist-key
persist-tun
ifconfig-pool-persist /etc/openvpn/ipp.txt
topology subnet
push "topology subnet"
push "redirect-gateway def1"
push "dhcp-option DNS 10.10.5.1"
persist-key
persist-tun
tun-mtu 1450
mtu-disc maybe
user nobody
group nogroup
client-config-dir /etc/openvpn/ccd
comp-lzo yes
push "comp-lzo yes"
keepalive 10 120
verb 4
status /var/log/openvpn/status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
BTW, this config is working, but users with iPads cannot log in. The log file says:
VERIFY OK: depth=0, /C=SI/ST=SI/L=***/O=***/CN=***/name=***/emailAddress=***
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
Fatal TLS error (check_tls_errors_co), restarting
SIGUSR1[soft,tls-error] received, client-instance restarting
TCP/UDP: Closing socket
I am getting this same problem when trying to connect with my iPad. I cannot figure it out or find the answer.