Last modified: 2023-05-30
Get correct MTU
Start Ping at the 1500 mtu and decrease the 1500 value by 10 each time.
# -M: mtu discovery # -s: data size ping -M do -s 1500 -c 1 <target-ip> # if the packet loss, ping -M do -s 1490 -c 1 <target-ip> # if the packet loss yet, ping -M do -s 1480 -c 1 <target-ip> # if packet loss yet, ping -M do -s 1470 -c 1 <target-ip> # continue until packet is received...
- Get correct MSS (Maximum Segment Size)
After you find the correct MTU, now you need to get the MSS from the MTU.
To get the correct one, subtract 40 from the value of the MTU.
mss = mtu - 40
For example, if you get 1470 value of the MTU in the previous
ping section, the MSS is 1430.
- Set correct MSS into the config file of OpenVPN
Set mssfix in the configuration file (.ovpn) of the OpenVPN.
Replace the 1430 value with the value you found.
If you got the error such as "ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-256-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server." when starting
openvpn with the
.ovpn config file, it may be helpful to add the following line to the
.ovpn file for fixing this error.
# example.ovpn data-ciphers AES-256-CBC