when connecting to my OpenVPN I am getting the following warnings in the client log:
Sat Mar 09 06:52:57 2019 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1469', remote='link-mtu 1569'
Sat Mar 09 06:52:57 2019 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1400', remote='tun-mtu 1500'
How can I fix this inconsistency in the MTU values? I have been reading about some not so intuitive MTU value calculation rules, but I don't feel safe about changing these values without knowing what's going on and stick with the feeling that VPN quality and speed can be compromised by these configurations.
I am using a DD-WRT router as the OpenVPN server. The DD-WRT interface enforces me to set some parameters in the configuration, such as Tunnel MTU Setting.
The server's configuration is the following:
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 3
mute 3
syslog
writepid /var/run/openvpnd.pid
management 127.0.0.1 14
management-log-cache 100
topology subnet
script-security 2
port 1194
proto udp4
cipher aes-128-cbc
auth sha256
client-connect /tmp/openvpn/clcon.sh
client-disconnect /tmp/openvpn/cldiscon.sh
client-config-dir /tmp/openvpn/ccd
tls-server
client-to-client
push "redirect-gateway def1"
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
fast-io
tun-mtu 1400
mtu-disc yes
server 192.168.5.0 255.255.255.0
dev tun2
tls-auth /tmp/openvpn/ta.key 0
And the client configuration like this:
dev tun
cipher AES-128-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote vpn.server.com 1194 udp
pkcs12 key.p12
remote-cert-tls server
tls-auth tls.key 1
Again... how can I fix these warnings?
Okay, I managed to fix these warnings by inserting:
in the client's .conf/.ovpn file