Tunnel IPSEC VPN through OpenVPN?

Posted: Sat Aug 21, 2021 4:36 am
by Rob22
I have OpenVPN server and client configured on two OpenWrt routers and the connection is working. I'm trying to tunnel through this OpenVPN connection via an IPSEC VPN client and it connects, I can ping and access some machines on the network but cannot access some critical machines, and I can RDP to one machine I need to use but the connection drops shortly after.

Am I trying to achieve something that is not possible? Are the two protocols causing too much latency?

I can OpenVPN from location 1 and browse the internet as if I am in location 2
PC@location1 -> router with OpenVPN client -> internet -> router with OpenVPN server@location2 -> internet

Now I want to tunnel through that working connection to connect to an IPSEC VPN server that won't allow connections from location1

IPSEC VPN Client installed on PC@location1 -> router with OpenVPN client -> internet -> router with OpenVPN server@location2 -> internet -> IPSEC VPN Server -> local network

Re: Tunnel IPSEC VPN through OpenVPN?

Posted: Mon Sep 06, 2021 1:02 am
by openvpn_inc
Hi Rob22,

I doubt it's due to the multiple protocols in use, but sure, too much latency hurts something like RDP. If you managed to connect at all, that means your routing is correct on both sides.

Regards, rob0 (or rob$((22-22)) perhaps)

Re: Tunnel IPSEC VPN through OpenVPN?

Posted: Mon Sep 06, 2021 1:46 am
by TinCanTech
Rob22 wrote:
Sat Aug 21, 2021 4:36 am
Now I want to tunnel through that working connection to connect to an IPSEC VPN server that won't allow connections from location1
Easy ..

Re: Tunnel IPSEC VPN through OpenVPN?

Posted: Thu Jul 18, 2024 8:27 am
by mttc
Same question, on Linux, outer tunnel should be OpenVPN, inner tunnel should be IPSEC by vpnc. vpnc is failing.
I'm quite sure it's because of the MTUs.

The only way I got it working: An Android device doing wireless client and also access point, establishing the OpenVPN and sharing via access point. The Linux machine's wifi interface set to MTU 1200, then doing vpnc.

I tried doing the same on the Linux client only. First establishing the OpenVPN, then starting vpnc with --ifmtu 1200. First it connects and I'm able to ping clients behind, but soon after it stops working with

vpnc: quick mode response rejected:  (ISAKMP_N_INVALID_MESSAGE_ID)(9)

The difference is that only the tun interface gets MTU 1200. Before, when using the Android device as router, I can set the physical interface to MTU 1200. Any idea how to achieve that on the Linux machine only?

Re: Tunnel IPSEC VPN through OpenVPN?

Posted: Fri Jul 26, 2024 8:42 am
by mttc
Talking at #openvpn we got some things clearer now. If establishing the inner vpnc tunnel fails then it is never about the vpnc MTU because this only affects the tunneled data. It can only be about the outer OpenVPN MTU. This is 1300 by default, set by the administrator's OpenVPN config. I just set it to 1200 now and the vpnc seems to work. But why exactly? And which is the best MTU? Just increasing until it fails and then setting -1?
What happens if an MTU is too large? Decreasing MTU actually would only lead to fragmented packets and degraded throughput, but why is some tunneled connection failing at all?
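
Added example, not part of the original posts: instead of raising the MTU by hand until something breaks, the largest IPv4 packet that crosses the outer tunnel unfragmented can be found with a binary search over pings that have the Don't Fragment bit set. It assumes Linux iputils `ping`, a target that answers ICMP echo and is routed through the OpenVPN tunnel, and the function names `probe` and `largest_mtu` are made up for this sketch.

```bash
#!/usr/bin/env bash
# Added example: binary search for the largest unfragmented IPv4 packet size
# to a host. Run it while the outer OpenVPN tunnel is up and the host is
# routed through it; the result is the room left for the inner IPsec packets.

# probe PAYLOAD HOST
# Succeeds if one ICMP echo carrying PAYLOAD data bytes, sent with the
# Don't Fragment bit set (-M do), gets a reply within 2 seconds.
probe() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# largest_mtu HOST [LOW] [HIGH] [PROBE_FN]
# Prints the largest packet size in LOW..HIGH that PROBE_FN reports as
# delivered. PROBE_FN defaults to probe(); it is a parameter so the search
# can be exercised without a network.
largest_mtu() {
    local host=$1 lo=${2:-576} hi=${3:-1500} probe_fn=${4:-probe}
    local overhead=28   # 20-byte IPv4 header + 8-byte ICMP header
    local mid

    # The lower bound has to work, otherwise the host is unreachable or
    # filters ICMP and the search would be meaningless.
    if ! "$probe_fn" $((lo - overhead)) "$host"; then
        echo "no reply from $host even at packet size $lo" >&2
        return 1
    fi

    # Invariant: lo is known to pass, nothing above hi is a candidate.
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe_fn" $((mid - overhead)) "$host"; then
            lo=$mid
        else
            hi=$((mid - 1))
        fi
    done
    echo "$lo"
}

# Stand-alone use: ./pmtu.sh HOST [LOW] [HIGH]
if [ $# -ge 1 ]; then
    largest_mtu "$@"
fi
```

A lost probe is counted as "too big", so on a lossy link the result can come out lower than the real limit; rerun it before settling on a value.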

Re: Tunnel IPSEC VPN through OpenVPN?

Posted: Mon Sep 23, 2024 8:10 am
by mttc
I got it working somehow by setting MTU 1300 on the physical interface.

Re: Tunnel IPSEC VPN through OpenVPN?

Posted: Sat Oct 12, 2024 5:58 pm
by Kuiper1
https://gyazo.com/6f851b1c64c1545f636d270effc393e5
Hi, I am having troubles with MTU as well, can you please have a look at my system logs :S please