Your latency issue may potentially be attributed to an MTU size that is not supported by each hop in the network. Typically, slow or partially loading web pages within a VPN setting can be a consequence of an MTU mismatch.
The MTU, or Maximum Transmission Unit, is a crucial network parameter. It dictates the maximum data packet size, in bytes, that can be sent over your network connection. This size encompasses both the packet’s data and header information. Within a VPN context, the data is additionally encrypted.
If a network can’t accommodate the size of the packets, they need to undergo a process of reassembly, decryption, fragmentation, and re-encryption. This can create substantial overhead, leading to significant network latency.
You can mitigate this issue by determining the optimal MTU size for your network. Although various procedures can help establish the most effective MTU, a common approach involves trial and error: gradually reducing the MTU size until you achieve acceptable latency. Alternatively, the server can automatically determine the optimal MTU if you modify the configuration file, as outlined in the IPFire OpenVPN Troubleshooting Guide.
You can adjust the MTU either at the client side, which would only affect that particular client, or at the server side, which would impact all clients. If there is a discrepancy between the server’s and client’s MTU settings, the lower of the two will be used for sending data packets. In my specific case, an MTU value of 1360 has been effective across all the networks I utilize, including during my travels. As I am the sole user of my network, I’ve configured this setting in the IPFire Web User Interface, under /Services/OpenVPN/Global Settings/MTU size and I have matched it in all my clients as well.
There’s also an option to minimize potential mismatches by adjusting a second parameter: /Services/OpenVPN/Global Settings/Advanced server options/mssfix. Both parameters determine the maximum size of a packet, but they operate at different levels. The MTU value is defined at the Network layer (IP level), while ‘mssfix’ operates at the Transmission Control Layer (TCP level). Personally, I tend to rely on adjusting the MTU value.