Would the clamping only be tcp specific?
Could I add the same rule for the udp VPN service?
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
--------------------------------------------------
From: "Thomas Jacob" <jacob@xxxxxxxxxxxxx>
Sent: Tuesday, September 07, 2010 11:05 AM
To: "J Webster" <webster_jack@xxxxxxxxxxx>
Cc: <netfilter@xxxxxxxxxxxxxxx>
Subject: Re: OpenVPN throttling problem
On Tue, 2010-09-07 at 10:25 -0400, J Webster wrote:
If the path MTU were not 1500 then why would the proxy server work without
video stuttering issues but the VPN have stuttering?
Because OpenVPN seems to prevent the normal path MTU algorithms
from working in some instances, so the dynamic MSS/MTU
calculations cannot happen. Anyway, a proxy server
doesn't forward TCP packets in the way OpenVPN does,
it opens a new TCP connection and just relays the Web data stream,
so it's really quite a different thing.
I would have thought most broadband connections were not limited in that way?
PPPoE DSL is, for instance.
I did try some MTU setting before of 1400, 1460, 1300 and the difference was
minimal.
It's not enough to just configure that in OpenVPN, all the other
components (client NIC, gateway NICs, server NIC, intermediate router
NICs) also have their own MTU (hence the path MTU discovering
solution).
Not sure what else to try or how to troubleshoot. I suppose I could follow
the traffic but not sure if it would help resolve the throttling issue?
Have you tried MSS clamping yet?
http://lartc.org/howto/lartc.cookbook.mtu-mss.html
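
Added example, not part of the original thread or of netfilter's code: a Python sketch of what the TCPMSS clamp rule does to a forwarded packet. MSS is a TCP option carried in SYN segments, which is why the rule matches -p tcp; the target lowers it to path MTU minus 40 for IPv4. The sample segment, the port numbers and the 1492-byte PPPoE path MTU are constructed assumptions.

```python
import struct

IPV4_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header

def build_syn(mss, flags=0x02):
    """Constructed sample: TCP header with MSS, NOP, NOP, SACK-permitted options."""
    options = struct.pack("!BBH", 2, 4, mss) + b"\x01\x01\x04\x02"
    offset = ((20 + len(options)) // 4) << 4
    # sport, dport, seq, ack, data offset, flags, window, checksum, urgent
    header = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, offset, flags, 65535, 0, 0)
    return header + options

def clamp_mss(segment, path_mtu):
    """Return (segment, old_mss, new_mss); old/new are None when nothing applies."""
    # Same match as --tcp-flags SYN,RST SYN: SYN set, RST clear.
    if segment[13] & 0x06 != 0x02:
        return segment, None, None
    limit = path_mtu - IPV4_TCP_OVERHEAD
    header_len = min((segment[12] >> 4) * 4, len(segment))
    i = 20
    while i + 1 < header_len:
        kind = segment[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP padding, one byte
            i += 1
            continue
        length = segment[i + 1]
        if length < 2 or i + length > header_len:
            break                # malformed option, stop parsing
        if kind == 2 and length == 4:
            old = struct.unpack_from("!H", segment, i + 2)[0]
            if old <= limit:     # clamping only lowers the MSS
                return segment, old, old
            out = bytearray(segment)
            struct.pack_into("!H", out, i + 2, limit)
            # The kernel also fixes the TCP checksum; omitted here.
            return bytes(out), old, limit
        i += length
    return segment, None, None

if __name__ == "__main__":
    syn = build_syn(1460)
    _, old, new = clamp_mss(syn, 1492)   # 1492: assumed PPPoE path MTU
    print(f"SYN MSS {old} -> {new}")
    _, old, new = clamp_mss(build_syn(1460, flags=0x10), 1492)
    print(f"ACK-only segment: {old}")
```
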