On Thursday 17 June 2010 14:07:09 Linus Lüssing wrote:
Yep, tap mode in openvpn is adding an extra header, it encapsulates not only the ip-packet but also the ethernet frame into udp or tcp. (By the way, tun-mode also adds an extra header, but the packets are smaller - only IP packets encapsulated in UDP or TCP.)
May I ask whether you are bridging tap0 or if you are routing the packets (so having an ip address on tap0 and having according entries in your routing table)? If it's the latter, then you could just decrease the MTU on the tap0 interfaces to a fitting size and let the VPN routers do the PMTU discovery stuff automatically. But of course, then you probably wouldn't need tap-mode in this scenario, as it just adds additional overhead with the unnecessary ethernet frame in between.
I think we are bridging the VPN interface: root@OpenWrt:~# cat /etc/config/batman-adv-kernelland config batman-adv-kernelland general option interface 'ath1 tap0' option originator_interval option log_level
I know that tinc has two little, a bit hacky features in case of bridging tap0 with tap-mode (they call it switch-mode) to inform the other machines of the lower MTU in between. But I haven't heard of OpenVPN having similar features.
So I guess the easiest step would be the first suggestion, to do routing in between and lowering the MTU on the tap interfaces for a start before starting to experiment with (experimental) features and/or more complicated setups :).
So there is no "easy" or documented way how to do this with openvpn without routing? I would be happy if there is a way that is understandable.
If not, then I think the best way would be to try tinc.
Thanks Clemens