Feature: OPENVPN_MSSFIX variable

internal/params/openvpn.go

@@ -76,3 +76,11 @@ func (r *reader) GetOpenVPNAuth() (auth string, err error) {
 func (r *reader) GetOpenVPNIPv6() (ipv6 bool, err error) {
 	return r.env.OnOff("OPENVPN_IPV6", libparams.Default("off"))
 }
+
+func (r *reader) GetOpenVPNMSSFix() (mssFix uint16, err error) {
+	n, err := r.env.IntRange("OPENVPN_MSSFIX", 0, 10000, libparams.Default("0"))
+	if err != nil {
+		return 0, err
+	}
+	return uint16(n), nil
+}

internal/params/params.go

@@ -55,6 +55,7 @@ type Reader interface {
 	GetOpenVPNCipher() (cipher string, err error)
 	GetOpenVPNAuth() (auth string, err error)
 	GetOpenVPNIPv6() (tunnel bool, err error)
+	GetOpenVPNMSSFix() (mssFix uint16, err error)
 
 	// PIA getters
 	GetPortForwarding() (activated bool, err error)

internal/provider/cyberghost.go

@@ -6,6 +6,7 @@ import (
 	"math/rand"
 	"net"
 	"net/http"
+	"strconv"
 	"strings"
 
 	"github.com/qdm12/gluetun/internal/constants"
@@ -108,6 +109,9 @@ func (c *cyberghost) BuildConf(connection models.OpenVPNConnection,
 	if !settings.Root {
 		lines = append(lines, "user "+username)
 	}
+	if settings.MSSFix > 0 {
+		lines = append(lines, "mssfix "+strconv.Itoa(int(settings.MSSFix)))
+	}
 	lines = append(lines, []string{
 		"<ca>",
 		"-----BEGIN CERTIFICATE-----",

internal/provider/mullvad.go

@@ -6,6 +6,7 @@ import (
 	"math/rand"
 	"net"
 	"net/http"
+	"strconv"
 
 	"github.com/qdm12/gluetun/internal/constants"
 	"github.com/qdm12/gluetun/internal/firewall"
@@ -117,6 +118,9 @@ func (m *mullvad) BuildConf(connection models.OpenVPNConnection,
 	if !settings.Root {
 		lines = append(lines, "user "+username)
 	}
+	if settings.MSSFix > 0 {
+		lines = append(lines, "mssfix "+strconv.Itoa(int(settings.MSSFix)))
+	}
 	lines = append(lines, []string{
 		"<ca>",
 		"-----BEGIN CERTIFICATE-----",

internal/provider/nordvpn.go

@@ -6,6 +6,7 @@ import (
 	"math/rand"
 	"net"
 	"net/http"
+	"strconv"
 
 	"github.com/qdm12/gluetun/internal/constants"
 	"github.com/qdm12/gluetun/internal/firewall"
@@ -87,6 +88,11 @@ func (n *nordvpn) BuildConf(connection models.OpenVPNConnection,
 	if len(settings.Auth) == 0 {
 		settings.Auth = "sha512"
 	}
+
+	const defaultMSSFix = 1450
+	if settings.MSSFix == 0 {
+		settings.MSSFix = defaultMSSFix
+	}
 	lines = []string{
 		"client",
 		"dev tun",
@@ -97,7 +103,7 @@ func (n *nordvpn) BuildConf(connection models.OpenVPNConnection,
 		// Nordvpn specific
 		"tun-mtu 1500",
 		"tun-mtu-extra 32",
-		"mssfix 1450",
+		"mssfix " + strconv.Itoa(int(settings.MSSFix)),
 		"ping 15",
 		"ping-restart 0",
 		"ping-timer-rem",

internal/provider/piav4.go

@@ -12,6 +12,7 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"strconv"
 	"strings"
 	"time"
 
@@ -164,6 +165,9 @@ func (p *pia) BuildConf(connection models.OpenVPNConnection,
 	if !settings.Root {
 		lines = append(lines, "user "+username)
 	}
+	if settings.MSSFix > 0 {
+		lines = append(lines, "mssfix "+strconv.Itoa(int(settings.MSSFix)))
+	}
 	lines = append(lines, []string{
 		"<crl-verify>",
 		"-----BEGIN X509 CRL-----",

internal/provider/privado.go

@@ -6,6 +6,7 @@ import (
 	"math/rand"
 	"net"
 	"net/http"
+	"strconv"
 
 	"github.com/qdm12/gluetun/internal/constants"
 	"github.com/qdm12/gluetun/internal/firewall"
@@ -107,6 +108,9 @@ func (s *privado) BuildConf(connection models.OpenVPNConnection,
 	if !settings.Root {
 		lines = append(lines, "user "+username)
 	}
+	if settings.MSSFix > 0 {
+		lines = append(lines, "mssfix "+strconv.Itoa(int(settings.MSSFix)))
+	}
 	lines = append(lines, []string{
 		"<ca>",
 		"-----BEGIN CERTIFICATE-----",

internal/provider/purevpn.go

@@ -6,6 +6,7 @@ import (
 	"math/rand"
 	"net"
 	"net/http"
+	"strconv"
 
 	"github.com/qdm12/gluetun/internal/constants"
 	"github.com/qdm12/gluetun/internal/firewall"
@@ -111,6 +112,9 @@ func (p *purevpn) BuildConf(connection models.OpenVPNConnection,
 	if !settings.Root {
 		lines = append(lines, "user "+username)
 	}
+	if settings.MSSFix > 0 {
+		lines = append(lines, "mssfix "+strconv.Itoa(int(settings.MSSFix)))
+	}
 	lines = append(lines, []string{
 		"<ca>",
 		"-----BEGIN CERTIFICATE-----",

internal/provider/surfshark.go

@@ -6,6 +6,7 @@ import (
 	"math/rand"
 	"net"
 	"net/http"
+	"strconv"
 
 	"github.com/qdm12/gluetun/internal/constants"
 	"github.com/qdm12/gluetun/internal/firewall"
@@ -82,6 +83,12 @@ func (s *surfshark) BuildConf(connection models.OpenVPNConnection,
 	if len(settings.Auth) == 0 {
 		settings.Auth = "SHA512"
 	}
+
+	const defaultMSSFix = 1450
+	if settings.MSSFix == 0 {
+		settings.MSSFix = defaultMSSFix
+	}
+
 	lines = []string{
 		"client",
 		"dev tun",
@@ -92,7 +99,7 @@ func (s *surfshark) BuildConf(connection models.OpenVPNConnection,
 		// Surfshark specific
 		"tun-mtu 1500",
 		"tun-mtu-extra 32",
-		"mssfix 1450",
+		"mssfix " + strconv.Itoa(int(settings.MSSFix)),
 		"ping 15",
 		"ping-restart 60",
 		"ping-timer-rem",

internal/provider/vyprvpn.go

@@ -6,6 +6,7 @@ import (
 	"math/rand"
 	"net"
 	"net/http"
+	"strconv"
 
 	"github.com/qdm12/gluetun/internal/constants"
 	"github.com/qdm12/gluetun/internal/firewall"
@@ -109,6 +110,9 @@ func (v *vyprvpn) BuildConf(connection models.OpenVPNConnection,
 	if !settings.Root {
 		lines = append(lines, "user "+username)
 	}
+	if settings.MSSFix > 0 {
+		lines = append(lines, "mssfix "+strconv.Itoa(int(settings.MSSFix)))
+	}
 	lines = append(lines, []string{
 		"<ca>",
 		"-----BEGIN CERTIFICATE-----",

internal/provider/windscribe.go

@@ -6,6 +6,7 @@ import (
 	"math/rand"
 	"net"
 	"net/http"
+	"strconv"
 	"strings"
 
 	"github.com/qdm12/gluetun/internal/constants"
@@ -114,6 +115,9 @@ func (w *windscribe) BuildConf(connection models.OpenVPNConnection,
 	if !settings.Root {
 		lines = append(lines, "user "+username)
 	}
+	if settings.MSSFix > 0 {
+		lines = append(lines, "mssfix "+strconv.Itoa(int(settings.MSSFix)))
+	}
 	lines = append(lines, []string{
 		"<ca>",
 		"-----BEGIN CERTIFICATE-----",

internal/settings/openvpn.go

@@ -14,6 +14,7 @@ type OpenVPN struct {
 	User      string                  `json:"user"`
 	Password  string                  `json:"password"`
 	Verbosity int                     `json:"verbosity"`
+	MSSFix    uint16                  `json:"mssfix"`
 	Root      bool                    `json:"run_as_root"`
 	Cipher    string                  `json:"cipher"`
 	Auth      string                  `json:"auth"`
@@ -52,6 +53,10 @@ func GetOpenVPNSettings(paramsReader params.Reader, vpnProvider models.VPNProvid
 	if err != nil {
 		return settings, err
 	}
+	settings.MSSFix, err = paramsReader.GetOpenVPNMSSFix()
+	if err != nil {
+		return settings, err
+	}
 	switch vpnProvider {
 	case constants.PrivateInternetAccess:
 		settings.Provider, err = GetPIASettings(paramsReader)

internal/settings/openvpn_test.go

@@ -20,7 +20,7 @@ func Test_OpenVPN_JSON(t *testing.T) {
 	data, err := json.Marshal(in)
 	require.NoError(t, err)
 	//nolint:lll
-	assert.Equal(t, `{"user":"","password":"","verbosity":0,"run_as_root":true,"cipher":"","auth":"","provider":{"name":"name","server_selection":{"network_protocol":"","regions":null,"group":"","countries":null,"cities":null,"hostnames":null,"isps":null,"owned":false,"custom_port":0,"numbers":null,"encryption_preset":""},"extra_config":{"encryption_preset":"","openvpn_ipv6":false},"port_forwarding":{"enabled":false,"filepath":""}}}`, string(data))
+	assert.Equal(t, `{"user":"","password":"","verbosity":0,"mssfix":0,"run_as_root":true,"cipher":"","auth":"","provider":{"name":"name","server_selection":{"network_protocol":"","regions":null,"group":"","countries":null,"cities":null,"hostnames":null,"isps":null,"owned":false,"custom_port":0,"numbers":null,"encryption_preset":""},"extra_config":{"encryption_preset":"","openvpn_ipv6":false},"port_forwarding":{"enabled":false,"filepath":""}}}`, string(data))
 	var out OpenVPN
 	err = json.Unmarshal(data, &out)
 	require.NoError(t, err)