[prev in list] [next in list] [prev in thread] [next in thread]
List: iodine-users
Subject: [iodine-users] OpenVPN over iodine
From: Sven Dreyer <sven () dreyer-net ! de>
Date: 2011-06-14 15:26:59
Message-ID: 4DF77DC3.6050409 () dreyer-net ! de
[Download RAW message or body]
Hi List,
has anybody of you already used OpenVPN over iodine?
I have already set up a working configuration, because I wanted strong
authentication and encryption of all traffic. But sometimes it hangs for
a while, and now I am not sure how (or even if) I have to configure the
various size settings:
- My dns0 interface has an MTU of 1130 (default value). If I got it
right, iodine does an internal fragmentation, because the real MTU
depends on how long the DNS queries/replies are allowed to be, and that
is different in any scenario.
- My tun0 interface (OpenVPN) uses an MTU of 1500 (default value, too).
I think that if the Client generates a Packet, which enters OpenVPN's
tun0 interface, it might have a size of up to 1500 bytes. This is more
than the MTU of the dns0 interface, so it has to be fragmented to two
parts (1130 bytes plus the rest). The first packet (1130 bytes) will
unlikely fit into a single DNS request, so it has to be fragmented further.
What I am now asking myself is: can I avoid this by setting the
following OpenVPN's configuration parameters, and how should I set them?
- tun-mtu
- tun-mtu-extra
- fragment
- mssfix
Or should I change iodine options?
Any hints are greatly appreciated.
Thanks,
Sven
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic