VPN/tunnel performance: check MSS settings
What happened
Misconfigured Maximum Segment Size (MSS) can cause stalled VPN/tunnel connections, timeouts, and slow transfers, per a recent deep dive.
Why it matters
MSS is the largest amount of data that a device will accept in a single, unfragmented TCP segment. VPNs add overhead, which can push packet sizes over the standard Ethernet MTU (1500 bytes), leading to fragmentation. Fragmentation can hurt performance and reliability, especially over lossy networks. Setting MSS too high forces the VPN to fragment packets. Setting it too low wastes bandwidth by underutilizing the MTU. A common recommendation is to set the MSS to 1300-1400 bytes for VPNs, but this can vary. Tools like `ping` with the `-M do` flag (don't fragment) can help you discover the ideal MSS for your VPN setup. Adjusting the MSS can often be done in the VPN client or server configuration. Some routers also have MSS clamping features.
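The `ping -M do` probing described above can be automated. The script below is an added example, not taken from the deep dive the page cites. It assumes Linux iputils `ping` and IPv4 headers without options; the function names (`probe`, `path_mtu`, `mss_for_mtu`) are hypothetical. It binary-searches for the largest packet that crosses the path unfragmented and derives the matching TCP MSS.

```shell
#!/bin/sh
# Added example: discover the path MTU with Don't-Fragment pings, then derive the MSS.
# Assumptions: Linux iputils ping (-M do, -s, -W), IPv4 headers without options.

IP_HDR=20     # IPv4 header, no options
ICMP_HDR=8    # ICMP echo header
TCP_HDR=20    # TCP header, no options

# probe HOST PAYLOAD: succeeds if one echo with PAYLOAD data bytes passes with DF set.
probe() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# path_mtu HOST [LOW] [HIGH]: prints the largest IP packet size that is not fragmented.
# The body runs in a subshell so its variables do not leak into the caller.
path_mtu() (
    host=$1; lo=${2:-576}; hi=${3:-1500}
    overhead=$((IP_HDR + ICMP_HDR))
    # If even the lower bound fails, the host is down or ICMP is filtered:
    # report failure rather than a misleading number.
    probe "$host" $((lo - overhead)) || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" $((mid - overhead)); then
            lo=$mid            # mid fits: search upward
        else
            hi=$((mid - 1))    # mid is too big: search downward
        fi
    done
    echo "$lo"
)

# mss_for_mtu MTU: TCP payload that fits in one packet of that size.
mss_for_mtu() { echo $(( $1 - IP_HDR - TCP_HDR )); }

main() {
    mtu=$(path_mtu "$1") || { echo "no reply at minimum size; is ICMP blocked?" >&2; return 1; }
    echo "path MTU to $1: $mtu bytes, TCP MSS: $(mss_for_mtu "$mtu") bytes"
}

# Usage: sh pmtu.sh HOST   (HOST should be reached through the tunnel)
[ $# -eq 0 ] || main "$@"
```

Run it against a host reached through the tunnel, so the result reflects the tunnel's overhead rather than the underlying link.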
Key numbers
- VPNs add overhead, which can push packet sizes over the standard Ethernet MTU (1500 bytes), leading to fragmentation.
- A common recommendation is to set the MSS to 1300-1400 bytes for VPNs, but this can vary.