OpenVPN MTU-related settings

Reference manual for OpenVPN 2.4

OpenVPN Protocol



Sets an upper bound on the size of UDP packets which are sent between OpenVPN peers. It’s best not to set this parameter unless you know what you’re doing.


Sets the upper limit on the size of UDP packets sent between OpenVPN peers. If you do not know what you are doing, it is recommended not to set this parameter.



Take the TUN device MTU to be n and derive the link MTU from it (default=1500). In most cases, you will probably want to leave this parameter set to its default value.

The MTU (Maximum Transmission Units) is the maximum datagram size in bytes that can be sent unfragmented over a particular network path. OpenVPN requires that packets on the control or data channels be sent unfragmented.

MTU problems often manifest themselves as connections which hang during periods of active usage.

It’s best to use the --fragment and/or --mssfix options to deal with MTU sizing issues.


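Let n be the MTU of the TUN device and derive the link MTU from it (default = 1500). In most cases, it is recommended to leave this parameter at its default value. The MTU (Maximum Transmission Units) is the maximum datagram size, in bytes, that can be sent over a particular network path without fragmentation. OpenVPN requires packets on the control channel or the data channel to be sent unfragmented.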





Enable internal datagram fragmentation so that no UDP datagrams are sent which are larger than max bytes.

The max parameter is interpreted in the same way as the --link-mtu parameter, i.e. the UDP packet size after encapsulation overhead has been added in, but not including the UDP header itself.

The --fragment option only makes sense when you are using the UDP protocol ( --proto udp ).

--fragment adds 4 bytes of overhead per datagram.

See the --mssfix option below for an important related option to --fragment.

It should also be noted that this option is not meant to replace UDP fragmentation at the IP stack level. It is only meant as a last resort when path MTU discovery is broken. Using this option is less efficient than fixing path MTU discovery for your IP link and using native IP fragmentation instead.

Having said that, there are circumstances where using OpenVPN’s internal fragmentation capability may be your only option, such as tunneling a UDP multicast stream which requires fragmentation.




The --fragment option is only meaningful when you are using the UDP protocol (--proto udp).







Announce to TCP sessions running over the tunnel that they should limit their send packet sizes such that after OpenVPN has encapsulated them, the resulting UDP packet size that OpenVPN sends to its peer will not exceed max bytes. The default value is 1450.

The max parameter is interpreted in the same way as the --link-mtu parameter, i.e. the UDP packet size after encapsulation overhead has been added in, but not including the UDP header itself. Resulting packet would be at most 28 bytes larger for IPv4 and 48 bytes for IPv6 (20/40 bytes for IP header and 8 bytes for UDP header). Default value of 1450 allows IPv4 packets to be transmitted over a link with MTU 1473 or higher without IP level fragmentation.

The --mssfix option only makes sense when you are using the UDP protocol for OpenVPN peer-to-peer communication, i.e. --proto udp.

--mssfix and --fragment can be ideally used together, where --mssfix will try to keep TCP from needing packet fragmentation in the first place, and if big packets come through anyhow (from protocols other than TCP), --fragment will internally fragment them.

Both --fragment and --mssfix are designed to work around cases where Path MTU discovery is broken on the network path between OpenVPN peers.

The usual symptom of such a breakdown is an OpenVPN connection which successfully starts, but then stalls during active usage.

If --fragment and --mssfix are used together, --mssfix will take its default max parameter from the --fragment max option.

Therefore, one could lower the maximum UDP packet size to 1300 (a good first try for solving MTU-related connection problems) with the following options:

--tun-mtu 1500 --fragment 1300 --mssfix
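
The rules quoted above can be checked against a measured path MTU before a tunnel goes into service. The following is an added example, not part of the manual or of OpenVPN itself: the function names `parse_options` and `audit` and the path MTU values are assumptions made for illustration, and the script only applies the overhead figures and defaults stated in the text.

```python
import shlex

# IP header + UDP header added on top of the max value, per the manual text.
OVERHEAD = {"ipv4": 20 + 8, "ipv6": 40 + 8}
MSSFIX_DEFAULT = 1450

def parse_options(text):
    """Parse config-file lines ("fragment 1300") or a "--flag" command line."""
    opts = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens and not tokens[0].startswith("--"):
            tokens[0] = "--" + tokens[0]
        name = None
        for tok in tokens:
            if tok.startswith("--"):
                name = tok[2:]
                opts[name] = []
            else:
                opts[name].append(tok)
    return opts

def audit(text, path_mtu, family="ipv4"):
    """Return (effective mssfix max, findings) for a measured path MTU."""
    opts = parse_options(text)
    frag = int(opts["fragment"][0]) if "fragment" in opts else None
    if opts.get("mssfix"):
        mss = int(opts["mssfix"][0])
    elif "mssfix" in opts and frag is not None:
        mss = frag              # bare --mssfix inherits the --fragment max
    else:
        mss = MSSFIX_DEFAULT    # default stated in the text
    findings = []
    udp = opts.get("proto", ["udp"])[0].startswith("udp")
    if not udp and ("fragment" in opts or "mssfix" in opts):
        findings.append("fragment/mssfix only make sense with proto udp")
    for name, limit in (("fragment", frag), ("mssfix", mss)):
        if limit is None:
            continue
        wire = limit + OVERHEAD[family]   # size of the IP packet on the wire
        if wire > path_mtu:
            findings.append(f"{name} {limit}: {wire}-byte {family} packet exceeds path MTU {path_mtu}")
    return mss, findings

if __name__ == "__main__":
    SAMPLE = "--tun-mtu 1500 --fragment 1300 --mssfix"   # options from the text
    for fam, mtu in (("ipv4", 1400), ("ipv6", 1340)):    # constructed path MTUs
        print(fam, mtu, audit(SAMPLE, mtu, fam))
```
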









