OpenVPN and MTU questions? Vs vpn packet processing settings

JonathanLee · Mar 3, 2025, 1:57 PM

Hello fellow Netgate community members can you please help?

I have been trying to figure this out for a while.

So my ping tests show I have 1472MTU take that add 28 and my wan is 1500 without the vpn. What should the MTU be set to on advanced settings for OpenVPN? I originally set my mss clamping on advanced settings/firewall nat/ vpn packet processing maximum mss to 1300 of the firewall and this gave me massive speed increases.

What should I use under openVPN side? Or should I delete the max mss 1300 and set something else on the vpn ?

Advanced settings options:
tun-mtu?? mssfix?? tun-mtu-extra?? fragment??

Why does setting the

nattygreg · Mar 4, 2025, 4:17 AM

My current setup that works well with openVPN for me is

tls-client;
remote-random;
tun-mtu 1500;
tun-mtu-extra 32;
mssfix 1450;
persist-key;
persist-tun;
reneg-sec 0;
remote-cert-tls server;
auth-retry nointeract;
auth-nocache;

I hope this helps, I had to tweak those settings until I stop getting gate way errors, because VPN providers for the most part will not give you these settings. This is in the customs section on openvpn.

JonathanLee · Mar 4, 2025, 5:50 AM

@nattygreg Thanks I have attempted many trail and error tests, another one that gave me speed boosts was changing these settings.

Screenshot 2025-03-03 at 21.50.05.png