About MTU during VPN connection between Azure virtual network gateway and OpenVPN client

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
taka2000
OpenVpn Newbie
Posts: 1
Joined: Wed May 17, 2023 4:54 am

About MTU during VPN connection between Azure virtual network gateway and OpenVPN client

Post by taka2000 » Wed May 17, 2023 5:26 am

Nice to meet you.

I have a question about MTU values for VPN connection between Azure virtual NW gateway and OpenVPN client.

1. environment

・Client PC
・Client PC: Win11
・OpenVPN client version: 2.5.9

・Azure Virtual Network Gateway subscription status
 ・SKU Standard
 ・Level Regional

2.Incident

After a warning message was output on the OpenVPN client side to adjust the MTU value when connecting to the VPN, a message was output to the effect that the MTU value had been adjusted (corrected).

(1) Log of warning message
------------------------------------------------------------------
'link-mtu' is used inconsistently, local='link-mtu 1551', remote='link-mtu 1500'
'tun-mtu' is present in local config but missing in remote config, local='tun-mtu 1500'
------------------------------------------------------------------

(2) MTU adjusted message
------------------------------------------------------------------
IPv4 MTU set to 1500 on interface 22 using service
------------------------------------------------------------------

3. Communication status

Since the VPN connection is established and communication is possible afterwards, it is considered that there is no problem.
However, just to be sure, inquire with Azure Support about the warning message and MTU value. 4.


4. Inquiry and response from Azure Support regarding MTU value

・The answer from Azure Support

 ・The response from Azure Support:
  ⇒ The response from Azure Support was that it is recommended to set the MTU on the VPN client side to 1400.
  We were not able to obtain a view on the warning message on the VPN client side (because it was not our responsibility).
  
(Reference URL) - VPN and MTU | Microsoft Learn
https://learn.microsoft.com/ja-jp/azure ... pn-and-mtu

The MTU value cannot be changed on the Azure side.

-----------------------------------------------------------------------------------------------

This is all about the history so far.

I would like to ask someone with construction knowledge,
When connecting VPN with Azure Virtual Network Gateway and OpenVPN client
Is it necessary to set the MTU value to 1400 on the OpenVPN client side?

At the time of VPN connection, the MTU warning message is output on the client side, but
After that, the message with the corrected MTU value is output, so I feel that there is no problem with the communication after VPN connection.


We welcome any experiences or opinions from those who have knowledge of this issue.

Best regards

Post Reply