Setting correct MTU for OpenVPN
VPN connections can be sensitive to incorrect/low MTU set within your network, or on networks between you and your server. It is important that the correct MTU is set, to ensure fast and error-free VPN performance.
Symptoms of incorrect MTU
- Slow VPN performance
- Incomplete page load of resources via HTTP over VPN (e.g. PHPMyAdmin, Munin, Monit etc.)
E.g.
- Only the page title loaded in the browser
- Partial/incomplete page load, missing CSS/JS
Identifying correct MTU
Discovering the correct MTU is very straightforward and can be achieved using ping. Use the respective command below (change www.example.com to suit).
On Windows
ping -n 1 -l 1500 -f www.example.com
On Linux
ping -M do -s 1500 -c 1 www.example.com
On OSX
ping -D -v -s 1500 -c 1 www.example.com
Decrease the 1500 value by 10 each time, until the ping succeeds. Once the ping succeeds, the value used is the MTU you should use.
Setting the MTU
OpenVPN requires a value called the MSS to be set. The MSS is the value of the MTU minus 40.
E.g. if your MTU is 1460, your MSS is 1420
MSS = MTU - 40
MSS = 1460 - 40
MSS = 1420
To set the MSS for OpenVPN, in your OpenVPN configuration file (the file originally sent ending in .ovpn), add the following configuration line (replacing 1420 with the appropriate value).
mssfix 1420
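
The Linux procedure above as a script (an added example, not part of the original page): it steps the ping size down from 1500 by 10 until a reply arrives, then prints the matching mssfix line. The function names, the PROBE override, the 2-second reply timeout and the 500-byte lower bound are assumptions made for this example.

```shell
#!/bin/sh
# Added example: automates the ping procedure from this page (Linux ping syntax).

# probe_ping SIZE HOST: succeeds if one ping of SIZE with "do not fragment"
# set gets a reply within 2 seconds.
probe_ping() {
    ping -M do -s "$1" -c 1 -W 2 "$2" >/dev/null 2>&1
}

# find_mtu HOST [START] [STEP] [FLOOR]
# Starts at START (default 1500) and decreases by STEP (default 10) until the
# probe succeeds. Prints the first size that works. Gives up below FLOOR so an
# unreachable host or blocked ICMP does not loop forever.
# PROBE may name a replacement probe function (assumption: used for offline testing).
find_mtu() {
    fm_host=$1
    fm_size=${2:-1500}
    fm_step=${3:-10}
    fm_floor=${4:-500}
    while [ "$fm_size" -ge "$fm_floor" ]; do
        if "${PROBE:-probe_ping}" "$fm_size" "$fm_host"; then
            echo "$fm_size"
            return 0
        fi
        fm_size=$((fm_size - fm_step))
    done
    return 1
}

# mss_for MTU: the page's formula, MSS = MTU - 40.
mss_for() {
    echo $(( $1 - 40 ))
}

# mssfix_line HOST [START] [STEP] [FLOOR]: prints the line to add to the .ovpn file.
mssfix_line() {
    ml_mtu=$(find_mtu "$@") || {
        echo "no ping size got a reply from $1 (host down or ICMP filtered?)" >&2
        return 1
    }
    echo "mssfix $(mss_for "$ml_mtu")"
}

# Run directly: sh find-mssfix.sh www.example.com
if [ $# -gt 0 ]; then
    mssfix_line "$@"
fi
```

If the script reports that no size got a reply, check that the host answers ordinary pings before trusting any MTU value.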