+++
title = "Issues With OpenVPN & MikroTik"
date = 2025-10-22

[taxonomies]
categories = ["Networking"]

[extra]
author = "Emil Miler"
+++

I started having issues with my an existing OpenVPN tunnel after setting up a new MikroTik router in my home network.

The symptoms were strange: I could resolve addresses through DNS, ping all hosts on the network, and access HTTP sites without issues. However, when I tried to SSH into any machine or access HTTPS services, the connection would time out.

<!-- more -->

After checking the OpenVPN logs, I discovered the issue was this:

```
read UDPv4 [EMSGSIZE Path-MTU=1460]: Message too long (fd=3,code=90)
```

In short, the encrypted packets being sent were too large.

## Fixing OpenVPN

The preferred option is to change the MTU size in the OpenVPN configuration by adding the following:

```
tun-mtu 1440
mssfix 1392 fixed
```

## Fixing MikroTik

Other option, albeit not preferred, is to set maximum MTU size on `ether1` (WAN) to 1460 from the default of 1500.

```
/interface ethernet set ether1 mtu=1460
```

Or in the GUI under `Interfaces > ether1 > MTU`.

![winbox](winbox.png)