Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Buran Ded

Pages: [1]

17.7 Legacy Series / Re: [SOLVED] slow IPsec performance

« on: January 28, 2018, 07:33:18 pm »

Today i see by own eyes: opnsense reduces MSS by 100 (to 1360).

Traffic capture on webserser side:

22:14:40.305764 30:e4:db:xx:xx:xx > 52:54:00:00:xx:xx, ethertype IPv4 (0x0800), length 66: opn-s-ip.16825 > web-server-ip.80: Flags [ S ], seq 4280183093, win 8192, options [mss 1360,nop,wscale 2,nop,nop,sackOK], length 0

22:14:40.305855 52:54:00:00:xx:xx > 30:e4:db:xx:xx:xx, ethertype IPv4 (0x0800), length 66: web-server-ip.80 > opn-s-ip.16825: Flags [ S. ], seq 3520754639, ack 4280183094, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0

17.7 Legacy Series / Re: [SOLVED] slow IPsec performance

« on: January 28, 2018, 09:03:54 am »

I have some experiments with OpenVPN,
and i see something like ASA:
OpenVPN also defaultly transparently fixing MSS of all transiting TCP-traffic,
but fixing to MSS=1410.

17.7 Legacy Series / Re: [SOLVED] slow IPsec performance

« on: January 27, 2018, 07:42:43 pm »

Cisco ASA 55XX by default always transparently fix MSS to 1380 (norm MSS=1460)
on all transiting TCP connections on all interfaces and all RA/S2S VPNs.

This default setting is not visible in config.

But visible via ASDM:

Pages: [1]