I have the problem that clearing the DF-Bit using normalisation causes service disruptions.
Sites like Reddit or GitHub won't work any longer when "no-df" is set.
Go to: "Firewall: Settings: Normalization"
Click on "IP Do-Not-Fragment"
Browse to https://github.com/opnsense/core/ or try to read a reddit post.
Sites don't function as expected.
When directly connected to my router things work as expected. When "IP Do-Not-Fragment" is disabled everything works fine.
But enabling "IP Do-Not-Fragment" causes issues.
Please check on your own setup and report back. This bugs me.
If you clear do not fragment that will essentially disable path MTU discovery. Possibly some intermediate system or the firewall of the services you try to use decides to drop fragments altogether.
This is common practice in ingress firewalls protecting web services.
May I ask why one would want to do that - clear DF, that is?
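
The mechanism described in the reply above, modelled as an added example that is not part of the original thread: a packet with DF set gets a "fragmentation needed" signal at a smaller-MTU hop, while the same packet with DF cleared is silently fragmented and then lost at a filter that drops fragments. The addresses, IP ID, MTU values and the drop-all-fragments filter are constructed assumptions.

```python
import struct

DF, MF = 0x4000, 0x2000  # IPv4 flag bits inside the 16-bit flags/fragment-offset field

def checksum(hdr: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    s = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def build(payload: bytes, flags_off: int, ident: int = 0x1234) -> bytes:
    """Constructed 20-byte IPv4 header (proto TCP, 192.0.2.1 -> 198.51.100.7) + payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_off,
                      64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def flags_off(pkt: bytes) -> int:
    return struct.unpack("!H", pkt[6:8])[0]

def clear_df(pkt: bytes) -> bytes:
    """Effect of the no-df normalization: DF bit removed, checksum recomputed."""
    ident = struct.unpack("!H", pkt[4:6])[0]
    return build(pkt[20:], flags_off(pkt) & ~DF, ident)

def forward(pkt: bytes, mtu: int):
    """Hop with a smaller MTU (input assumed unfragmented).
    DF set   -> ICMP 'fragmentation needed', the signal path MTU discovery relies on.
    DF clear -> the hop fragments silently; the sender never learns the path MTU."""
    if len(pkt) <= mtu:
        return [pkt]
    if flags_off(pkt) & DF:
        return "icmp-frag-needed"
    ident = struct.unpack("!H", pkt[4:6])[0]
    data, step = pkt[20:], (mtu - 20) // 8 * 8  # fragment offsets count 8-byte units
    return [build(data[i:i + step], (i // 8) | (MF if i + step < len(data) else 0), ident)
            for i in range(0, len(data), step)]

def ingress_filter(pkts):
    """Constructed policy: drop anything with MF set or a non-zero fragment offset."""
    return [p for p in pkts if not flags_off(p) & (MF | 0x1FFF)]
```
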