DogHead
Member Candidate
Topic Author
Posts: 196
Joined: Thu Jan 03, 2008 9:36 pm
Location: Anywhere you want me to be

Strange OpenVPN MTU Issue

Thu Jan 16, 2014 12:05 am

I have a problem which I have not been able to resolve.

I have an application that I am testing for sending video over a bridged VPN connection using a pair of MT RB411GL boards. On one board I am running an OVPN server with ethernet/tap configuration, which is bridged to the ether1 port.

On the other end I have OVPN client which is bridged to the ether1 port.

I can make a connection from a PC using OVPN client software and ping with packets that are up to 1500 in length. Video works fine.

I can ping from the console of the client RB411GL across the OVPN tunnel link also with packets of 1500 in length.

But, if I ping from PC attached to the client RB411GL I can only get packets up to 1460 in length. All bridges are set to defaults, all ethernet ports are set to defaults. Should be able to go up to 1500.

The strange thing is that I can ping out of the OVPN server over the bridged ethernet port without issue at 1500 length, but it is only when sending through the client router that the packets get fragmented. The configuration is exactly the same at both ends.

Any ideas?
 
DogHead
Member Candidate
Topic Author
Posts: 196
Joined: Thu Jan 03, 2008 9:36 pm
Location: Anywhere you want me to be

Re: Strange OpenVPN MTU Issue

Thu Jan 16, 2014 12:34 am

Odd, but if I turn off encryption and just use SHA1 authentication, then I can pass 1500 packets.

But then explain to me why I can ping 1500 length packets from the console of the remote client router to a pc at the server end, but I cannot go end to end from a pc to pc? The tunnel should fail in both cases.

So either the MT console is reporting back ping packet lengths, or it is bypassing encryption on the tunnel.

So I can have an unencrypted VPN for now. Not exactly what I want, but it will work for demo purposes.
 
djdrastic
Member
Posts: 367
Joined: Wed Aug 01, 2012 2:14 pm

Re: Strange OpenVPN MTU Issue

Thu Jan 16, 2014 7:14 pm

I've run into similar problems before with IPsec VPN connections.
Have you tried using a mangle rule to reduce the MSS? That usually seems to fix the problem.
 
DogHead
Member Candidate
Topic Author
Posts: 196
Joined: Thu Jan 03, 2008 9:36 pm
Location: Anywhere you want me to be

Re: Strange OpenVPN MTU Issue

Thu Jan 16, 2014 10:19 pm

Yes, I tried using a mangle rule to reduce the size to 1460 for mss, but it did not fix the problem.

Seems strange that I can pass large packets from the console of the router, but not from a connected PC.
 
wolfeyes
Frequent Visitor
Posts: 92
Joined: Sun Apr 17, 2011 11:37 am

Re: Strange OpenVPN MTU Issue

Thu May 01, 2014 10:30 pm

I have a similar problem with OpenVPN. I have configured an OpenVPN server on a RB1100AHx2 device (ethernet/tap).

Two RB750s are connected over DSL as OpenVPN clients. Furthermore, various PCs using OpenVPN soft clients are also occasionally connected to the server.

All traffic from all clients (RB750 NATed subnets & standalone PCs) towards OpenVPN servers works smoothly without any problem and with great stability.

But there is a strange problem with traffic from OpenVPN server towards RB750 clients.
Winbox, for example, passes the authentication phase but data is never received. Web traffic on a NATed server behind the RB750 also has problems. I also suspected that this is related to MTU size, but after testing various values it never worked. I repeat, the bizarre thing is that traffic in the opposite direction (client to server) works without any problem. Ping seems to work well in both directions.

This is very annoying, can someone help me with this? :?
 
wolfeyes
Frequent Visitor
Posts: 92
Joined: Sun Apr 17, 2011 11:37 am

Re: Strange OpenVPN MTU Issue

Sun May 04, 2014 12:53 pm

Update.

Traffic from the server towards PC-based OpenVPN clients also works fine. So the problem only stands for traffic from the server towards RB750 configured clients? (All tests conducted using DSL and mobile 3G networks with all combinations.)

Any ideas?