Folks, As an ISP we often have to manage wans for customers where we don't have access to customers firewalls, and the customers expect full sized frames / packets across the wan, the issue is when we used 3rd party networks with constrained MTUs, while we can adjust TCP MSS if we control the network devices putting packets across the VPN, this is not always possible,
IP fragmentation (sometimes) works but it breaks load balancing (hashes of IP fragments do not match the hashes for original packet being sent. but sometimes is not good enough. Possible solutions which we have seen in in other vendors MLPPP on L2TP / PPPoE with MRRU (Maximum Received Reconstructed Unit) which allowed for packet splitting outbound and reconstruction on inbound OpenVPN have UDP fragment option (which works by encapsulating a packet across 2 equal sided packets once the encapsulated packet would be greater than 1/2 the size of the Max UDP fragment, ( packets would have the same size, same src & destination port and src and destination ip (so packet ordering / LACP load balancing path would be consistent or at least more consistent for those packets OpenVPN & tap interface performance is not brilliant , so I'm hopping there is a kernel driver device that would allow I was wondering if anyone else ran into this issue and resolved it with an existing device driver in OpenBSD... Thanks -- Kindest regards, Tom Smyth.
