OpenVPN Troubleshooting
Last modified: 2023-05-30
Set Correct MTU (Maximum Transmission Unit)
-
Get correct MTU
Start Ping at the 1500 mtu and decrease the 1500 value by 10 each time.
On Linux,
# -M: mtu discovery
# -s: data size
ping -M do -s 1500 -c 1 <target-ip>
# if the packet loss,
ping -M do -s 1490 -c 1 <target-ip>
# if the packet loss yet,
ping -M do -s 1480 -c 1 <target-ip>
# if packet loss yet,
ping -M do -s 1470 -c 1 <target-ip>
# continue until packet is received...
- Get correct MSS (Maximum Segment Size)
After you find the correct MTU, now you need to get the MSS from the MTU.
To get the correct one, subtract 40 from the value of the MTU.
mss = mtu - 40
For example, if you get 1470 value of the MTU in the previous ping
section, the MSS is 1430.
- Set correct MSS into the config file of OpenVPN
Set mssfix in the configuration file (.ovpn) of the OpenVPN.
mssfix 1430
Replace the 1430 value with the value you found.
Data Cipher Errors
If you got the error such as "ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-256-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server." when starting openvpn
with the .ovpn
config file, it may be helpful to add the following line to the .ovpn
file for fixing this error.
# example.ovpn
data-ciphers AES-256-CBC