diff --git a/docs/tunneling/fastd.md b/docs/tunneling/fastd.md index a4c5ebc..89879b9 100644 --- a/docs/tunneling/fastd.md +++ b/docs/tunneling/fastd.md @@ -46,7 +46,7 @@ peer "" { remote "" port ; key ""; - interface "$INTERFACE"; + interface ""; float yes; } @@ -100,6 +100,21 @@ Now we need to fill in the peer details of the node you are connecting to: The last thing to configure now is to rise the interface up when fastd starts (as it normally doesn't rise it for you), all occurences of `` here should match the one in the `interface ;` declaration as shown earlier. +### MTU + +The default MTU of a fastd tunnel is 1500 bytes. However, this can be problematic if the Internet uplink also has an MTU of 1500 or less. In this case IP fragmentation can occur. This is usually something you want to avoid. + +To calculate the appropriate MTU, you must first calculate the fastd overhead: +The default overhead is 28. If the `null` method is used, add 1, if the `null@l2tp` method is used, add 8, and for all other methods, add 24. If TAP is used instead of TUN, add 14. If the tunnel is established over IPv6, add 20. +Now calculate the MTU of the uplink (often 1500) minus the number you just calculated and you get the MTU that must be used in the fastd tunnel. +You can configure this with the parameter `mtu`: +``` +mtu ; +``` +Replace `` with the calculated number. + +You can either write this statement in the configuration file. Then it applies to all configured peers. Alternatively, you can put it in the `peer` block on a per-peer basis. + ### Starting and maintaining the daemon You can then start the daemon as follows: @@ -116,3 +131,8 @@ Run `systemctl start fastd@crxn` to bring up the tunnel Run `systemctl stop fastd@crxn` to bring down the tunnel To enable the systemd unit on startup run `systemctl enable fastd@crxn` + +## Further links + +- [fastd documentation](https://fastd.readthedocs.io/en/stable/) +- [fastd mtu documentation](https://fastd.readthedocs.io/en/stable/manual/mtu.html) diff --git a/docs/tunneling/openvpn.md b/docs/tunneling/openvpn.md index 71c5e83..53a0a18 100644 --- a/docs/tunneling/openvpn.md +++ b/docs/tunneling/openvpn.md @@ -120,3 +120,4 @@ systemctl enable openvpn@ - [Reference manual for OpenVPN 2.6](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/) - [dn42 OpenVPN Guide](https://dn42.dev/howto/openvpn) +- [Optimizing OpenVPN Throughput](https://hamy.io/post/0003/optimizing-openvpn-throughput/)