Ask Your Question

Why gets my MSS set to 60 on my OpenVPN Network?

asked 2019-01-26 02:48:21 +0000

Michael Uray gravatar image

I have there an OpenVPN connection to a plant, where the MSS size on a FTP filetransfer gets set to 60 for some reason.

One interesing thing is, that two devices on this network react different on this request. The Windows 10 PC sets the MSS to 536 and the PLC sets it to 60 like requested. Which one is right?

Why gets it set to 60 in general?

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted

answered 2019-01-27 14:12:04 +0000

mrEEde gravatar image

The minimum datagram size of an IPV4 packetdatagram that gets sent unfragmented is 576 bytes.

With 20 bytes IP and 20 bytes TCP header (assuming no options being used in either) the resulting MSS is 536. Therefore I would say a TCP SYN packet with the dont-fragment bit on in the IP header offering a MSS of 60 is not valid and the windows server is correct in ignoring this this proposal and sending segments with a MSS size of 536.

After all this is a file transfer session and sending tiny 60-byte chunks would not help achieving an acceptable throughput.

Why is is set to 60 in general ?

I think this is done at the entry into the VPN tunnel when the incoming MSS is being 'adjusted' based on the available MTU size in the tunnel. Seeing a 60 suggests that you have a MTU size of 100 bytes 'defined' in the tunnel ...
Tracing at the clients will probably show a much higher value in the TCP MSS option .

Regards Matthias

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2019-01-26 02:48:21 +0000

Seen: 408 times

Last updated: Jan 27 '19