summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--provider_base/files/service-definitions/v1/eip-service.json.erb4
-rw-r--r--provider_base/services/openvpn.json3
-rw-r--r--puppet/modules/site_openvpn/manifests/server_config.pp12
3 files changed, 18 insertions, 1 deletions
diff --git a/provider_base/files/service-definitions/v1/eip-service.json.erb b/provider_base/files/service-definitions/v1/eip-service.json.erb
index 3b8976fd..0ecd002a 100644
--- a/provider_base/files/service-definitions/v1/eip-service.json.erb
+++ b/provider_base/files/service-definitions/v1/eip-service.json.erb
@@ -42,6 +42,10 @@
end
configuration = node.openvpn.configuration
end
+ configuration = configuration.dup
+ if configuration['fragment'] && configuration['fragment'] == 1500
+ configuration.delete('fragment')
+ end
hsh["gateways"] = gateways.compact
hsh["locations"] = locations
hsh["openvpn_configuration"] = configuration
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index 1906244c..11cb0dc2 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
@@ -24,7 +24,8 @@
"auth": "SHA1",
"cipher": "AES-128-CBC",
"keepalive": "10 30",
- "tun-ipv6": true
+ "tun-ipv6": true,
+ "fragment": 1500
}
},
"obfsproxy": {
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index 97cf2842..466f6d00 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -85,6 +85,18 @@ define site_openvpn::server_config(
key => 'tcp-nodelay',
server => $openvpn_configname;
}
+ } elsif $proto == 'udp' {
+ if $config['fragment'] != 1500 {
+ openvpn::option {
+ "fragment ${openvpn_configname}":
+ key => 'fragment',
+ value => $config['fragment'],
+ server => $openvpn_configname;
+ "mssfix ${openvpn_configname}":
+ key => 'mssfix',
+ server => $openvpn_configname;
+ }
+ }
}
openvpn::option {