Setting correct MTU for OpenVPN

VPN connections can be sensitive to incorrect/low MTU set within your network, or on networks between you and your server. It is important that the correct MTU is set, to ensure fast and error-free VPN performance.

Symptoms of incorrect MTU

  • Slow VPN performance
  • Incomplete page load of resources via HTTP over VPN (ie. PHPMyAdmin, Munin, Monit etc.) Eg.
    • Only the page title loaded in the browser
    • Partial/incomplete page load, missing CSS/JSS

Identifying correct MTU

Discovering the correct MTU is very straightforward and can be achieved using ping, use the respective following commands (change www.example.com to suit)

On Windows

ping -n 1 -l 1500 -f www.example.com

On Linux

ping -M do -s 1500 -c 1 www.example.com

Decrease the 1500 value by 10 each time, until the ping succeeds. Once the ping succeeds, the value used is the MTU you should use.

Setting the MTU

OpenVPN requires a value called the MSS to be set. The MSS is the value for the MTU minus 40).

Eg. If your MTU is 1460, your MSS is 1420

MSS = MTU  - 40
MSS = 1460 - 40
MSS = 1420

To set the MSS for OpenVPN, in your OpenVPN configuration file (the file originally sent ending in .ovpn), add the following configuration line (replacing 1420 with the appropriate value).

mssfix 1420