MTU issue? Unable to transmit large data
- 
 I've got OpenVPN running successfully. I can see all of the machines on the local network and communicate with them. The problem occurs when I try any kind of 'heavy' ssh traffic or 'heavy' samba traffic.

 With ssh I am able to log in and run basic commands (uptime, cd, top) without issue. If I try an ls of a large directory I get maybe 1/3 through the listing and the output hangs (the location is fairly reproducible). It will continue eventually and takes about 2 minutes to run the entire command (according to the time command). If I run the same command and pipe the output to something off screen it takes less than 1 second to complete.

 With samba shares I can generally navigate through them, but if I arrive at a folder with a large amount of (usually) large files everything slows way down, almost as if it's hanging temporarily like with ssh. If I try to open a file I am unable to, and the explorer window often becomes unresponsive.

 My research has led me to believe that it could be an issue with MTU size, although I do not see MTU errors in the logs. Any help or advice would be greatly appreciated!!

 Setup:
 'Road warrior' laptop (currently not firewalled) talking to a wrt54gl running ddwrt. This 'ap' is doing little more than dhcp; there is no wan connection to it. Its MTU size is set at 1500. The wifi is plugged into the wan port on a pfsense box. This box acts as a vpn endpoint for secure wifi access to the lan. There is another pfsense box with active wan points which provides internet access and other services to the lan.

 wifi clients -> wifi ap -> pfsense box 1 -> {lan servers, hardwired desktops} <- pfsense box 2 <- {internet}

 I can post logs/configs as needed.
- 
 Well, I've been doing some more research…
 I am able to pull down large files (Linux ISOs, etc.) at a speed reasonable for my wan connections via http.
 Skype works just fine. As does Google Talk.

 I am unable to use Windows Remote Desktop to connect to computers on the lan through the vpn. So what do ssh, samba and rdc have in common that http and skype don't?
- 
 I've found people with similar problems but from several years ago.
 See this thread:
 http://openvpn.net/archive/openvpn-users/2003-09/msg00038.html

 I've tried their suggestions about MTU sizes with no luck. Does anyone have a working openvpn road warrior setup they would like to share?
- 
 I know that RDP is a TCP program, and until pfSense is upgraded with a WAN accelerator anything that is "TCP chatty" is going to be slower than ideal. I do have a working config but it is just the same as some of the vanilla configs out there. Also, I have dual wans so I have the failover retry config here:

 float
 port 1194
 dev tun
 dev-node vpn
 #dev-node ovpn <-ovpn is the name of the renamed interface
 proto tcp-client
 remote ip.ad.dr.ess 1194
 remote ip.ad.dr.ess 1194
 resolv-retry 30
 ping 10
 persist-tun
 persist-key
 tls-client
 ca ca.crt
 cert cert.crt
 key key.key
 ns-cert-type server
 #comp-lzo <- to enable remove the #
 pull
 verb 4
- 
 @wjs: does anyone have a working openvpn road warrior setup they would like to share?

 pfSense config autocreated by the GUI:

 $ less /var/etc/openvpn_server0.conf
 writepid /var/run/openvpn_server0.pid
 #user nobody
 #group nobody
 daemon
 keepalive 10 60
 ping-timer-rem
 persist-tun
 persist-key
 dev tun
 proto tcp-server
 cipher BF-CBC
 up /etc/rc.filter_configure
 down /etc/rc.filter_configure
 server 10.0.3.0 255.255.255.0
 client-config-dir /var/etc/openvpn_csc
 lport 1194
 push "dhcp-option DISABLE-NBT"
 ca /var/etc/openvpn_server0.ca
 cert /var/etc/openvpn_server0.cert
 key /var/etc/openvpn_server0.key
 dh /var/etc/openvpn_server0.dh
 comp-lzo
 persist-remote-ip
 float
 push "route 10.0.0.0 255.255.254.0"

 windows-client:
 client
 dev tun
 proto tcp
 remote myserver.mydomain.internet 1194
 resolv-retry infinite
 nobind
 persist-key
 persist-tun
 ca ca.crt
 cert dskt6624.crt
 key dskt6624.key
 ns-cert-type server
 cipher BF-CBC
 comp-lzo
 verb 3
- 
 Thanks chazers18 and GruensFroeschli for your replies. I don't see any major differences between your posts and mine. I'm thinking that I might have misconfigured something in the routing or NATing on one of the boxes. As a follow-up, RDC also 'kinda works'. I can connect to one machine (of the two that I tried so far). That being said, the connection is unusable; it drops in and out, doesn't hardly refresh, and is unresponsive to input. I am thinking about merging the functionality of the two machines to see if that fixes this. It should simplify things at least… Oh well, wish me luck.
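
 Added example, not part of the thread and not any poster's code: a small Python check that reads an OpenVPN config and reports the directives seen in the configs above that bear on throughput and hardening (TCP transport, `fragment`, `cipher BF-CBC`, `comp-lzo`, `ns-cert-type`, commented-out `user`/`group`). The function names, finding ids and the `SAMPLE` text are assumptions constructed for illustration.

```python
# Added example, not from the thread. SAMPLE is constructed from directive
# lines that appear in the server config posted above.
SAMPLE = """\
#user nobody
#group nobody
proto tcp-server
cipher BF-CBC
server 10.0.3.0 255.255.255.0
comp-lzo
"""
SMALL_BLOCK = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}  # 64-bit blocks

def parse(text):
    """Map each directive to the argument list of its last occurrence."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":       # OpenVPN comment markers
            continue
        words = line.split("#", 1)[0].split()  # drop trailing comment
        cfg[words[0]] = words[1:]
    return cfg

def review(text):
    """Return {finding_id: explanation} for one config file."""
    cfg, out = parse(text), {}
    proto = (cfg.get("proto") or ["udp"])[0]   # OpenVPN defaults to UDP
    if proto.startswith("tcp"):
        out["tcp-transport"] = ("tunnel runs over TCP, so ssh/SMB/RDP sessions "
                                "inside it stack two retransmission layers on loss")
        if "fragment" in cfg:
            out["fragment-needs-udp"] = "fragment is only accepted with proto udp"
    cipher = (cfg.get("cipher") or [""])[0].upper()
    if cipher in SMALL_BLOCK:
        out["64-bit-cipher"] = cipher + " has a 64-bit block (SWEET32); prefer AES"
    if "comp-lzo" in cfg:
        out["compression"] = "compressed length can leak plaintext (VORACLE)"
    if "ns-cert-type" in cfg:
        out["ns-cert-type"] = "deprecated; remote-cert-tls server checks key usage and EKU"
    is_server = "server" in cfg or proto == "tcp-server"
    if is_server and "user" not in cfg:
        out["no-privilege-drop"] = "user/group unset: daemon keeps root after startup"
    return out

if __name__ == "__main__":
    for fid, why in review(SAMPLE).items():
        print(f"{fid}: {why}")
```

 Run it against each end's config; a finding on one side only (for example `compression`) also points at a client/server mismatch worth resolving before tuning MTU.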
