How to change MTU/MSSFIX values for OpenVPN in pfsense?

Techneau · Nov 16, 2019, 7:48 AM

Can anyone explain how to change the MTU/MSSFIX values in pfsense for Openvpn? Please! This have been driving me up the wall. You would think after all these users that made changes to these values on OpenVPN on pfSense you would find a solution but no, not one person, everyone just mention "oh that solved my problem" but it's not helping anyone else. When I try using the shell command in pfsense I get weird message like I must specify tun/tap and when I try to define tun I am told the argument is wrong. If anyone help me with this i will make a simple video for future users with issues. I've been using pfSense since 2011. This is the first time a solution to a problem I have can't be found.!

Thank you,
Tech Neau

NogBadTheBad · Nov 16, 2019, 8:16 AM

Try:-

VPN -> OpenVPN -> ~~Clients~~ Server -> Edit -> Custom options

Techneau · Nov 16, 2019, 8:57 AM

@NogBadTheBad
You have got to be kidding me!!! lol, that most definitely worked. I been having issues accessing our VPN thru sprint's cellular network and only from sprint. This is due to recent changes to sprint's network or so a few of us think. In my case since I am using freeRADIUS for user authentication; I don't really have individual client files therefore, I had to add those arguments to the "Additional configuration options" section on the client export page and on the server side, I reset the VPN server and just like that I was able to connect using the cellular network. It has almost been a year since we've logged in thru the cellular network. What's weird tho was the fact we were able to access the VPN thru sprint's hotspot but not cellular. Thanks a million and since we used pictures to show the area for the custom options I don't think we need a video. Nevertheless, I will mention in a upcoming OpenVPN video I will be remaking. Hopes this helps everyone else.

A million thanks!!

NogBadTheBad · Nov 16, 2019, 12:15 PM

Ah your doing it on the server, I only run OpenVPN as a client.

Good to hear its working.

stanzapaticky · Feb 29, 2020, 9:30 AM

@NogBadTheBad Working great for me here in Canada! Rogers updated their modem firmware this week and tunnels had been disconnecting every few minutes. They sent a tech on-site, he made a few phone calls, and told me to try changing the tunnel MTU to 1300. Everything is working great again.

joshun · Apr 21, 2020, 8:28 AM

@stanzapaticky Why do fragment & mssfix differ by 40 bytes?

NogBadTheBad · Apr 21, 2020, 9:47 AM

This post is deleted!

JonathanLee · Jun 28, 2024, 5:45 AM

https://redmine.pfsense.org/issues/15585

Shouldn’t this export creation file include an option to customize the MTU and MSS ?

I opened a feature request for this, as I was wondering this today and referenced this thread. Please let me know if this is something you would like to see.