author | Arne Schwabe | 2022-11-04 13:56:55 +0100 |
---|---|---|
committer | Gert Doering | 2022-11-06 01:00:57 +0100 |
commit | 5f6ea5975927627680c21c10670ccb8503f18249 (patch) | |
tree | abf5455ca56525bb61480c1aae941797e73a20b7 /Changes.rst | |
parent | a5a30ec311ce9d0dbcd6162daab97a225189d570 (diff) | |
Allow setting control channel packet size with max-packet-size
Currently control packet size is controlled by tun-mtu in a very
non-obvious way since the control overhead is not taken into account
and control channel packet will end up with a different size than
data channel packet.
Instead we decouple this and introduce max-packet-size. Control packet size
defaults to 1250 if max-packet-size is not set.
Patch v2: rebase on latest patch set
Patch v3: Introduce TLS_CHANNEL_MTU_MIN define and give explanation
of its value.
Patch v4: introduce max-packet-size instead of tls-mtu
Patch v5: improve documentation
Patch v6: Rebase, lower lower limit, add warning message for
when wrapped tls-crypt-v2 keys will ignore max-packet-size
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20221104125655.656150-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25477.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'Changes.rst')
-rw-r--r-- | Changes.rst | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/Changes.rst b/Changes.rst index fc5a1a8..173abf5 100644 --- a/Changes.rst +++ b/Changes.rst @@ -100,6 +100,13 @@ Inline auth username and password http-proxy-user-pass too. +Improved control channel packet size control (``max-packet-size``) + The size of control channel is no longer tied to + ``--link-mtu``/``--tun-mtu`` and can be set using ``--max-packet-size``. + Sending large control channel frames is also optimised by allowing 6 + outstanding packets instead of just 4. ``max-packet-size`` will also set + ``mssfix`` to try to limit data-channel packets as well. + Deprecated features ------------------- ``inetd`` has been removed @@ -163,6 +170,10 @@ User-visible Changes - :code:`link_mtu` parameter is removed from environment or replaced with 0 when scripts are called with parameters. This parameter is unreliable and no longer internally calculated. +- control channel packet maximum size is no longer influenced by + ``--link-mtu``/``--tun-mtu`` and must be set by ``--max-packet-size`` now. + The default is 1250 for the control channel size. + - In point-to-point OpenVPN setups (no ``--server``), using ``--explict-exit-notiy`` on one end would terminate the other side at session end. This is considered a no longer useful default and has |
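Review bot: In the first hunk (@@ -100,6 +100,13), the new "Improved control channel packet size control" entry leaves out two things the commit message states: the 1250 default that applies when the option is unset, and the v6 caveat that wrapped tls-crypt-v2 keys will ignore max-packet-size. Both affect what an operator sees on the wire, so a sentence for each belongs in this entry. Two smaller points in the same paragraph: "The size of control channel is no longer tied to" reads better as "The size of control channel packets is no longer tied to", and the option is written once as ``--max-packet-size`` and once as ``max-packet-size``, as is ``mssfix`` without dashes next to ``--link-mtu``/``--tun-mtu``; pick one spelling.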
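Review bot: In the second hunk (@@ -163,6 +170,10), "must be set by ``--max-packet-size`` now" reads as if the option were mandatory, while the next sentence says there is a default of 1250. Suggest wording such as "can only be changed with ``--max-packet-size``" so that setups which previously lowered ``--tun-mtu`` to keep control packets small know they need the new option, and others know they need nothing. This item also omits that ``mssfix`` is adjusted by the same option, which the feature entry in the first hunk mentions; since that is a user-visible change to data-channel behaviour, a cross-reference here would help. The item starts with a lowercase "control", unlike the neighbouring "In point-to-point OpenVPN setups" item.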