Issues With OpenVPN & MikroTik

content/posts/issues-with-openvpn-and-mikrotik/index.md

@@ -0,0 +1,45 @@
++++
+title = "Issues With OpenVPN & MikroTik"
+date = 2025-10-22
+
+[taxonomies]
+categories = ["Networking"]
+
+[extra]
+author = "Emil Miler"
++++
+
+I started having issues with my an existing OpenVPN tunnel after setting up a new MikroTik router in my home network.
+
+The symptoms were strange: I could resolve addresses through DNS, ping all hosts on the network, and access HTTP sites without issues. However, when I tried to SSH into any machine or access HTTPS services, the connection would time out.
+
+<!-- more -->
+
+After checking the OpenVPN logs, I discovered the issue was this:
+
+```
+read UDPv4 [EMSGSIZE Path-MTU=1460]: Message too long (fd=3,code=90)
+```
+
+In short, the encrypted packets being sent were too large.
+
+## Fixing OpenVPN
+
+The preferred option is to change the MTU size in the OpenVPN configuration by adding the following:
+
+```
+tun-mtu 1440
+mssfix 1392 fixed
+```
+
+## Fixing MikroTik
+
+Other option, albeit not preferred, is to set maximum MTU size on `ether1` (WAN) to 1460 from the default of 1500.
+
+```
+/interface ethernet set ether1 mtu=1460
+```
+
+Or in the GUI under `Interfaces > ether1 > MTU`.
+
+![winbox](winbox.png)