One thing I can’t decide with OpenVPN is whether to use UDP or TCP for the tunnel. The online guides for this are nonsense, babbling about how “TCP is more reliable so use it if you don’t want corrupted file transfers”. That’s not how it works.
My own impression is UDP is clearly a better choice for low level IP tunneling, in the abstract. The OpenVPN community seems to prefer UDP as well. OTOH it may not always work. Some networks don’t really route UDP correctly and I have a suspicion random UDP ports are more likely to be blocked than random TCP ports. (Best idea: run your VPN endpoint on TCP port 80. Ugh.)
In practice, from my Grass Valley client with the weirdo fixed wireless network, UDP isn’t working. Well, it sort of works, but the link is limited to 60kbps instead of the burst max of 2000kbps, and it’s flaky. Online docs suggest this is an MTU problem, in particular if you don’t have MTU path negotiation working. I could well believe I don’t. This FAQ suggests setting “mssfix 1200” as a workaround but it didn’t help. I tried the “tun-mtu 1500 fragment 1300 mssfix” config the docs suggest as a workaround but that broke the connection entirely. No idea why, but the log had some warning about “FRAG_TEST not implemented”. Maybe it’s because I only set it on one side of the tunnel (see this FAQ). Whatever, TCP is working, I’ll stick with that.
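For reference, here is what the matched pair of configs for the “tun-mtu 1500 fragment 1300 mssfix” workaround looks like, with the TCP fallback beside it. This is an added example, not the author’s config; the hostname, port and file paths are placeholders. OpenVPN’s docs require `fragment` to be set identically on both peers and accept it only with UDP, which is why a one-sided setting breaks the link.

```conf
# ---- server side (placeholder path: /etc/openvpn/server.conf) ----
proto udp
port 1194
dev tun
# Tunnel MTU plus OpenVPN's own datagram fragmentation, for links
# where path MTU discovery is broken. "fragment" must be the same
# value on BOTH peers; setting it on one side only breaks the tunnel.
tun-mtu 1500
fragment 1300
# bare "mssfix" clamps TCP MSS to fit the fragment size above, so most
# TCP traffic never needs fragmenting in the first place
mssfix

# ---- client side (placeholder path: client.ovpn) ----
client
proto udp
remote vpn.example.com 1194   # placeholder endpoint
dev tun
# identical fragmentation settings to the server
tun-mtu 1500
fragment 1300
mssfix

# ---- TCP fallback, if UDP stays flaky on the path ----
# Server: replace "proto udp" with
#   proto tcp-server
# Client: replace "proto udp" with
#   proto tcp-client
# and delete the "fragment" line on both sides: OpenVPN refuses
# "fragment" with a TCP transport (TCP already handles segmentation).
# "mssfix" may stay; it is still useful over TCP.
```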
My Mac has another problem where the network doesn’t work for the first ~30 seconds after the VPN link establishes. It feels like some sort of timeout problem, maybe it’s using the wrong route or DNS is messed up or something. It may be specifically a Chrome problem.
Update: months later I realize this was a router QoS problem.