From b9d2030beb890e8dccbbe42bfcc430a2c2702a92 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Mon, 10 Nov 2014 20:43:24 -0800
Subject: openvpn - support customizing --fragment, and set default to 1400

---
 .../files/service-definitions/v1/eip-service.json.erb        |  4 ++++
 provider_base/services/openvpn.json                          |  3 ++-
 puppet/modules/site_openvpn/manifests/server_config.pp       | 12 ++++++++++++
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/provider_base/files/service-definitions/v1/eip-service.json.erb b/provider_base/files/service-definitions/v1/eip-service.json.erb
index 3b8976fd..0ecd002a 100644
--- a/provider_base/files/service-definitions/v1/eip-service.json.erb
+++ b/provider_base/files/service-definitions/v1/eip-service.json.erb
@@ -42,6 +42,10 @@
     end
     configuration = node.openvpn.configuration
   end
+  configuration = configuration.dup
+  if configuration['fragment'] && configuration['fragment'] == 1500
+    configuration.delete('fragment')
+  end
   hsh["gateways"] = gateways.compact
   hsh["locations"] = locations
   hsh["openvpn_configuration"] = configuration
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index 1906244c..127f5890 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
@@ -24,7 +24,8 @@
       "auth": "SHA1",
       "cipher": "AES-128-CBC",
       "keepalive": "10 30",
-      "tun-ipv6": true
+      "tun-ipv6": true,
+      "fragment": 1400
     }
   },
   "obfsproxy": {
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index 97cf2842..466f6d00 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -85,6 +85,18 @@ define site_openvpn::server_config(
         key     => 'tcp-nodelay',
         server  => $openvpn_configname;
     }
+  } elsif $proto == 'udp' {
+    if $config['fragment'] != 1500 {
+      openvpn::option {
+        "fragment ${openvpn_configname}":
+          key    => 'fragment',
+          value  => $config['fragment'],
+          server => $openvpn_configname;
+        "mssfix ${openvpn_configname}":
+          key    => 'mssfix',
+          server => $openvpn_configname;
+      }
+    }
   }
 
   openvpn::option {
-- 
cgit v1.2.3


From e18853b16969cb164613003edfab9a5b5800e099 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Mon, 10 Nov 2014 20:56:38 -0800
Subject: change default openvpn fragment size back to 1500 so we don't break
 backward compatibility with older clients

---
 provider_base/services/openvpn.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index 127f5890..11cb0dc2 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
@@ -25,7 +25,7 @@
       "cipher": "AES-128-CBC",
       "keepalive": "10 30",
       "tun-ipv6": true,
-      "fragment": 1400
+      "fragment": 1500
     }
   },
   "obfsproxy": {
-- 
cgit v1.2.3