Flint2 Issue with openvpn with udp suspect looks like mssfix

Flint 2 is acting as the main router and also as the OpenVPN server. The OpenVPN client connection is successful, but later on, if you run commands such as ls, the session hangs.

To me it looks like an MSS issue, and I have fixed this by adding mssfix 1320 to the client configuration. After this, client performance is much improved, but ping with a bigger packet size still fails; the default packet size works.

ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1): 56 data bytes
64 bytes from 10.8.0.1: icmp_seq=0 ttl=64 time=31.961 ms
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=37.407 ms
^C
--- 10.8.0.1 ping statistics ---
3 packets transmitted, 2 packets received, 33.3% packet loss
round-trip min/avg/max/stddev = 31.961/34.684/37.407/2.723 ms

ping -s 1500 10.8.0.1
PING 10.8.0.1 (10.8.0.1): 1500 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
^C
--- 10.8.0.1 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

10.8.0.1 is the VPN router address.

Hi

The mssfix only applies to TCP traffic.

Please try adding the following lines to the exported .ovpn file to:

  • Enable fragmentation for protocols other than TCP
  • For TCP, set MSS to the value configured in fragment (1300).

fragment 1300
mssfix

Additionally, if you plan to use ping to discover the path MTU, note that the -s option in the Linux ping command specifies the ICMP payload size, not the total IP packet size.

For a network with an MTU of 1500:

  • IPv4: maximum payload = 1500 - 20 (IP header) - 8 (ICMP header) = 1472
  • IPv6: maximum payload = 1500 - 40 (IP header) - 8 (ICMP header) = 1452
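
The payload arithmetic from the reply above, as an added example (not part of the original thread): a shell script that binary-searches for the largest ping -s value that crosses the path with fragmentation prohibited and converts it to an IPv4 path MTU. The function names probe, max_payload and payload_to_mtu are hypothetical, and the ping flags assume Linux iputils.

```shell
#!/bin/sh
# Added example: path MTU discovery with ping, IPv4 only.
IP_HDR=20    # IPv4 header bytes (40 for IPv6)
ICMP_HDR=8   # ICMP echo header bytes

# probe HOST SIZE: succeed if one echo with SIZE payload bytes is answered
# while fragmentation is prohibited (-M do). Assumption: Linux iputils ping;
# macOS ping uses -D to set the Don't Fragment bit instead.
probe() {
    ping -M do -c 1 -W 1 -s "$2" "$1" >/dev/null 2>&1
}

# payload_to_mtu SIZE: total IPv4 packet size produced by "ping -s SIZE".
payload_to_mtu() {
    echo $(( $1 + IP_HDR + ICMP_HDR ))
}

# max_payload HOST [LOW] [HIGH]: largest payload in LOW..HIGH that passes.
# HIGH defaults to 1472, the IPv4 maximum for a 1500-byte MTU.
max_payload() {
    host=$1
    lo=${2:-0}
    hi=${3:-1472}
    # If even the smallest probe fails, the host is unreachable or filters ICMP.
    probe "$host" "$lo" || { echo "no reply at payload $lo" >&2; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))     # round up so the loop always advances
        if probe "$host" "$mid"; then
            lo=$mid                      # mid fits: search larger sizes
        else
            hi=$(( mid - 1 ))            # mid is too big: search smaller sizes
        fi
    done
    echo "$lo"
}

# Run against a host only when one is given on the command line.
if [ -n "${1:-}" ]; then
    size=$(max_payload "$1") || exit 1
    echo "largest unfragmented payload: $size bytes"
    echo "path MTU: $(payload_to_mtu "$size") bytes"
fi
```

Run it with the VPN peer address as the only argument, for example 10.8.0.1 from the output above.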

If I add fragment in the ovpn file, it gives the error below when I try to connect to the VPN:

The OpenVPN Connect v3.x client does not support the fragment parameter.

Please try using the open-source OpenVPN v2.x client instead: