[Samba] Samba over bridged ethernet VPN

Wes Deviers wdevie at hrcsb.org
Wed Oct 1 13:51:03 GMT 2008


On Tuesday 30 September 2008 18:07:25 Daniel Bye wrote:
> Thanks for your reply, Wes.
>
...

> As for the routing between sites, if I understand correctly what you're
> asking, then it's simply a small LAN in the office attached via a commodity
> ADSL modem, with Samba and OpenVPN running on the same host. OpenVPN is
> running in bridged Ethernet mode, and assigns IP addresses to connecting
> clients. Therefore, effectively there is no routing between sites, as far
> as our CIFS/SMB clients are concerned. However, the physical routing is
> essentially as you'd expect - the office is on a standard domestic grade
> ADSL link, as are two of the remote users. The other remote users and I
> are connected over cable, and all are subject to our upstream providers'
> routing policies.
>
> I'm going to try fiddling with the MTU/fragment/mssfix settings in my
> OpenVPN configs, and see how we get on.

If you're using Linux routers, a good diag tool is "iperf", which has a 
maximum MTU discovery mode.  The problem (apparently) comes in because 
fragmenting OpenVPN packets is Bad.  So if you set no-fragment then large 
packets just get dropped, which is also Bad.  It can also come from an 
interface or router in the middle that's broken somehow.  In my case, I had a 
PCI T1 interface that wasn't reporting the correct MTU for path discovery.  It 
was reporting 1500 as standard but it actually cut off somewhere around 1480; I 
think the driver implementation was broken.  Normally it wouldn't be an issue, 
but since OVPN can't be fragmented it became a problem.

Regardless, I hard-set the MTU on the ethernet devices (both ends) to 1400 and 
that fixed the transport issue.  In theory, you can do the same in the OVPN 
config (such that it pre-fragments, basically) but it didn't work as well for 
me.

Good luck!

Wes
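
The effect described above (an interface advertising 1500 while the path only passes about 1480) can be measured directly before choosing a value such as 1400. The following is an added example, not part of the original post: it uses Linux iputils `ping` with the DF bit set instead of iperf, and the function names `probe_df` and `find_path_mtu` are hypothetical.

```shell
#!/bin/sh
# Added example: binary-search the largest IPv4 packet a path carries unfragmented.

# probe_df SIZE HOST
# Succeeds if one IPv4 packet of SIZE bytes reaches HOST with DF set.
# iputils ping: -M do forbids fragmentation; -s is the ICMP payload size,
# i.e. SIZE minus 20 bytes of IP header and 8 bytes of ICMP header.
probe_df() {
    local size="$1" host="$2"
    ping -c 1 -W 2 -M do -s "$((size - 28))" "$host" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH] [PROBE_FN]
# Prints the largest size in [LOW, HIGH] for which PROBE_FN succeeds.
# Returns 1 if even LOW fails (host unreachable or ICMP filtered).
find_path_mtu() {
    local host="$1" low="${2:-576}" high="${3:-1500}" probe="${4:-probe_df}" mid
    "$probe" "$low" "$host" || return 1
    # Invariant: LOW is known to pass; the answer lies in [LOW, HIGH].
    while [ "$low" -lt "$high" ]; do
        mid=$(( (low + high + 1) / 2 ))
        if "$probe" "$mid" "$host"; then
            low=$mid
        else
            high=$(( mid - 1 ))
        fi
    done
    echo "$low"
}

# Run against a real host only when one is given on the command line.
if [ "$#" -ge 1 ]; then
    if pmtu=$(find_path_mtu "$1"); then
        echo "largest unfragmented IPv4 packet to $1: $pmtu bytes"
    else
        echo "no reply from $1 even at the minimum probe size" >&2
        exit 1
    fi
fi
```

A result below the MTU configured on the interface points to a hop that drops oversized packets without reporting it, which is the case where lowering the MTU on both ends helps.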


