Painfully slow site-to-site OVPN
-
I have two sites with 100/100 connections however iPerf shows the speed as 9Mbps
From what I have read the most common issue is an incorrect MTU value.
I have tested and it appears that 1470 is the sweet spot for MTU
C:\WINDOWS\system32>ping -f 192.168.1.254 -l 1480 Pinging 192.168.1.254 with 1480 bytes of data: Packet needs to be fragmented but DF set. Packet needs to be fragmented but DF set. Packet needs to be fragmented but DF set. Packet needs to be fragmented but DF set. Ping statistics for 192.168.1.254: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), C:\WINDOWS\system32>ping -f 192.168.1.254 -l 1470 Pinging 192.168.1.254 with 1470 bytes of data: Reply from 192.168.1.254: bytes=1470 time=54ms TTL=62 Reply from 192.168.1.254: bytes=1470 time=55ms TTL=62 Reply from 192.168.1.254: bytes=1470 time=55ms TTL=62 Reply from 192.168.1.254: bytes=1470 time=55ms TTL=62 Ping statistics for 192.168.1.254: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 54ms, Maximum = 55ms, Average = 54ms C:\WINDOWS\system32>Should 1470 be entered as the MTU value in the OVPN interface or as a tun-mtu option in the OVPN client settings?
-
I understand I need to calculate MTU and MSS values then set them in pfSense.
From the test above I have identified the packets fragment above 1472. To this would make the WAN MTU value 1500 (1472 + 28)
If the correct MTU value is 1500 for the WAN link, is this the same MTU I should be using for OpenVPN?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.