I discovered a combination of 2 problems:
- The “VPN > VPN 1 > Advanced” section has these defaults:
tun-mtu 1500
fragment 1300
mssfix 1400
Unless you have specified fragment and mssfix on your OpenVPN server, you must change them to 0. If you change your server config to specify them, it will prevent everyone with existing ovpn configs from being able to send/receive packets even though they will be able to connect without errors.
- I created a test docker container from hub.docker.com/r/kylemanna/openvpn/ However, because the ES450 includes the deprecated “ns-cert-type server” in their client config, I am unable to connect.
Luckily, my production VPN server is old and includes the “nsCertType=server” option in its certificate, so to connect I only had to set:
fragment 0
mssfix 0
It would have saved me 126 hours of work if only I could read the openvpn.conf file the client was using. Not having access to the underlying Linux on this device is unacceptable.