Richard, thanks for reminding me of this.
MTU size problems can have a major impact on a VPN's bandwidth. Although Tunnelblick doesn't have anything to do with the actual VPN connection or the MTU that is used (OpenVPN does all that), Tunnelblick does have a checkbox to let you use OpenVPN's built-in test for the maximum MTU size that works for a connection. To run it:
- Select a configuration to test in the left side of the "Configurations" panel of Tunnelblick's "VPN Details" window.
- Click the "Advanced" button. A new window will appear.
- Click on the "While Connected" tab in the new window.
- Put a check to the left of "Run MTU maximum size test after connecting ".
- Connect to the VPN. Wait a couple of minutes for the test to complete, then examine the Tunnelblick Log to see the results.
Remember to un-check "Run MTU maximum size test after connecting" after the test.
Also, keep in mind that MTU is complicated and depends on every device (router) between you and the Internet; thus it is dynamic as routing changes in response to loads (for example).
My comments to Bas also apply to your situation, Richard. And note that Sophos should be doing this support -- they're the ones you've paid, not OpenVPN or Tunnelblick.