Netgate Discussion Forum

OpenVPN, OSPF and UDP fragmentation mess

    matsan
    last edited by Sep 28, 2023, 10:03 AM

    Hello,
    we have two SG-3100 connecting two sites using OpenVPN. Because one of the sites is a bit unreliable we have a separate LTE Router connected to WAN2 and running multiple OpenVPN tunnels with FRR and OSPF. All this works very reliably.
    Now we have a measure/control system at one site (the "client" site with respect to OpenVPN). This is Shelly brand equipment using CoIoT UDP to connect to Home Assistant (on "server" side) on port 5683 and it's here where the problem starts.
    UDP packets are not reaching Home Assistant on the server side and I have a hunch it's due to MTU and MSS over the OpenVPN tunnel between the sites.
    Tried adding tun-mtu 1472;fragment 1400;mssfix to the OpenVPN server and it magically started to work with the CoIoT traffic! Excellent!
    BUT, at the first Internet failure we noticed that the fail-over did not work!
    So, I checked the FRR OSPF status and saw that they were not connected.
    Removing the tun-mtu etc. settings and OSPF immediately started again, but then the CoIoT connection was lost.
    Stuck between a rock and a hard place...
    The Shelly equipment doesn't have an MTU setting on the WiFi interface. I guess one solution would be to lower the MTU on the client SG-3100 LAN interface...?
    Anything else I can try to get both OSPF and CoIoT through the OpenVPN tunnel?

    Thanks,
    /Mattias
