skip to content
 

Basic troubleshooting steps

  • If you are using Windows, make sure you are running the latest version of the OpenVPN software. The latest can be downloaded from https://openvpn.net/index.php/open-source/downloads.html . Older versions of the Windows software require you to do an additional startup step to run them as Administrator or they will fail to connect, so it is best to install the most up to date version on Windows.
  • If you are using a Mac, make sure you are running the version of the OpenVPN software recommended by the Chemistry Computer Officers at https://www.ch.cam.ac.uk/computing/openvpn-osx . Don't upgrade to newer versions until they are recommended on that page, as we find new Mac versions often have problems.
  • If you are using Windows and can start the OpenVPN GUI but get no 'Connect' option then your installation is missing its config files, or they are in the wrong place, or have been given the wrong names. Download the Windows config file and copy it into the 'config' directory within OpenVPN: if you installed to the default location (c:\Program Files (x86)\OpenVPN), that directory will be c:\Program Files (x86)\OpenVPN\config\
  • Make sure you are actually connected to the VPN by visiting http://apps.ch.cam.ac.uk/vpn/vpn-test
  • If the VPN software won't accept your password then check you are typing the right one:
    • Admitto password, in which case your username for OpenVPN is your crsid (your Admitto username)
    • ChemNet token, in which case your username for OpenVPN is your crsid followed by @ch.cam.ac.uk
    • You cannot use your UIS password to connect to this service

VPN connects but runs very slowly

Some networks and computers do not work well with the Chemistry OpenVPN default settings. A common symptom is that basic network connectivity is OK, but loading large web pages is very slow or doesn't work at all. If you are having performance problems when connected to the Chemistry VPN it can be worth trying some of the suggestions below. Whether they help or make things worse depends a great deal on the network you are connected to, so only try these if you are having real problems. They require altering your OpenVPN config file. Make sure to back up the original file before you change it.

Do not try more than one of these suggestions at once because some combinations are incompatible.

  • Try using TCP rather than UDP to connect. This leads to lower performance overall, but can work around certain kinds of network problem. To do that you need to do one of the following:
    • If you have a config file you can edit, replace the line "proto udp" in your config file with "proto tcp" . This is the easiest way to get TCP for Windows clients. 
    • If your client provides a GUI for configuration look for an option saying something like "Use a TCP connection" and enable it
    • There is a config file for Chemistry OpenVPN with TCP that should be importable into Linux with Network Manager, Android, and iOS at http://downloads.ch.cam.ac.uk/vpn/2020/chemistrytcp.ovpn .
  • Set the link-mtu setting to a lower number than the default 1500. 1300 is a good place to start. Not all OpenVPN software supports this option so you may find you can't do this. Setting it will lead to complaints from your client about a settings mismatch with the server, but has been observed to help on some networks. Either:
    • Edit your config file and add a line saying "link-mtu 1300" . It can go anywhere in the config file.
    • If your client provides a GUI for configuration look for an option saying something like "Use custom link maximum transmission unit", turn it on, and set the MTU value to 1300.
  • Set the tun-mtu setting to a lower number than the default 1500. 1300 is a good place to start. This will lead to complaints from your client about a settings mismatch with the server, but has been observed to help on some networks. To do that, do one of the following:
    • Edit your config file and add a line saying "tun-mtu 1300" . It can go anywhere in the config file.
    • If your client provides a GUI for configuration look for an option saying something like "Use custom tunnel maximum transmission unit", turn it on, and set the MTU value to 1300.
  • Set the mssfix parameter. This is relatively new and not available in all OpenVPN software. Try one of these:
    • Edit your config file and add a line saying "mssfix 1300"
    • If your client provides a GUI for configuration look for an option saying something like "Restrict tunnel TCP maximum segment size" and turn it on. If you can set a number for the maximum segment size try 1300.

Can't find what you're looking for?

Then you might find our A-Z site index useful. Or, you can search the site using the box at the top of the page, or by clicking here.