Question : Problem: Netgear DG834G and OpenVPN
Got a problem with this.
I have OpenVPN working internally between machines and I now need to get this working between an external and internal machine. OpenVPN uses port 1194 by default so it should be a simple matter of adding a port routing on the router to send all UDP 1194 packets to the VPN server internally (outgoing packets are now restricted).
When trying from the outside, the router is getting the client packets and apparently passing them on to the server (from the router log), but the server is either not getting them or ignoring them.
I noticed that the OpenVPN standard MTU is 1500 but the router for some reason is set to 1458. Both the client and server configuration use the default 1500.
I presume if the MTU is smaller on the router, then the server may not be getting the full 1500 packet sent. Any idea why the router may have a smaller 1458 size?
What's the downside of reducing the OpenVPN MTU to match the router?
Thanks, Gary
Answer : Problem: Netgear DG834G and OpenVPN
This was a discussion that I had with lrmoore previously on the same topic:
http://www.experts-exchange.com/Security/Firewalls/Q_21034711.html
You shouldn't have this problem though, as your OpenVPN client should be able to fragment the packets before it encrypts them. I would try setting the tun-mtu to the MTU of your router and then the fragment setting a bit lower than that.
The only consequence of this if it works is that you may have slightly less throughput than you might with higher MTUs as more packets will be fragmented, resulting in more overhead.
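The settings suggested in the answer, written out as an OpenVPN configuration fragment (an added example, not part of the original thread). The `fragment` value of 1400 is an assumed choice for "a bit lower" than the router's 1458, and the `mssfix` line is an addition that the answer does not mention.

```conf
# Added example: MTU-related lines for both the server and the client config.
# Port and protocol are the ones named in the question.
proto udp
port 1194

# Match the tunnel MTU to the router's MTU reported in the question.
# Use the same value on both peers; OpenVPN logs a warning when they differ.
tun-mtu 1458

# Let OpenVPN split its own datagrams so that no UDP packet it sends
# exceeds this size. 1400 is an assumed value, chosen to sit below 1458.
# The directive only applies to UDP tunnels and must be present on
# BOTH peers, otherwise the two ends cannot parse each other's packets.
fragment 1400

# Not in the answer: ask TCP sessions inside the tunnel to use segments
# small enough that the encapsulated packet stays within the same limit,
# which reduces how often internal fragmentation is needed.
mssfix 1400
```

After restarting both ends, the connection log on each side shows the negotiated link and tunnel MTU values, which is the quickest check that the two configs agree.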