[iodine-users] OpenVPN over iodine

Sven Dreyer sven at dreyer-net.de
Tue Jun 14 17:26:59 CEST 2011


Hi List,

Has any of you already used OpenVPN over iodine?

I have already set up a working configuration, because I wanted strong 
authentication and encryption of all traffic. But sometimes it hangs for 
a while, and now I am not sure how (or even if) I have to configure the 
various size settings:

- My dns0 interface has an MTU of 1130 (default value). If I got it 
right, iodine does internal fragmentation, because the real MTU 
depends on how long the DNS queries/replies are allowed to be, and that 
is different in every scenario.
- My tun0 interface (OpenVPN) uses an MTU of 1500 (default value, too).

I think that if the client generates a packet that enters OpenVPN's 
tun0 interface, it might have a size of up to 1500 bytes. This is more 
than the MTU of the dns0 interface, so it has to be fragmented into two 
parts (1130 bytes plus the rest). The first packet (1130 bytes) is 
unlikely to fit into a single DNS request, so it has to be fragmented further.

What I am now asking myself is: can I avoid this by setting the 
following OpenVPN configuration parameters, and how should I set them?
- tun-mtu
- tun-mtu-extra
- fragment
- mssfix

Or should I change iodine options?

Any hints are greatly appreciated.

Thanks,
Sven


