Messages - Buran Ded

#1
Today I saw with my own eyes: OPNsense reduces MSS by 100 (to 1360).

Traffic capture on the web server side:

22:14:40.305764 30:e4:db:xx:xx:xx > 52:54:00:00:xx:xx, ethertype IPv4 (0x0800), length 66: opn-s-ip.16825 > web-server-ip.80: Flags [ S ], seq 4280183093, win 8192, options [mss 1360,nop,wscale 2,nop,nop,sackOK], length 0

22:14:40.305855 52:54:00:00:xx:xx > 30:e4:db:xx:xx:xx, ethertype IPv4 (0x0800), length 66: web-server-ip.80 > opn-s-ip.16825: Flags [ S. ], seq 3520754639, ack 4280183094, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
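A way to check a capture like the one above for a lowered MSS, as an added example that is not part of the original post: it pairs each SYN with its SYN-ACK and reports how far each advertised MSS falls below what the link MTU would allow. The function names and the 1500-byte IPv4 link MTU are assumptions; the sample input is the two capture lines from the post.

```python
import re

# Sample input: the two capture lines quoted in the post (addresses already masked there).
CAPTURE = """\
22:14:40.305764 30:e4:db:xx:xx:xx > 52:54:00:00:xx:xx, ethertype IPv4 (0x0800), length 66: opn-s-ip.16825 > web-server-ip.80: Flags [ S ], seq 4280183093, win 8192, options [mss 1360,nop,wscale 2,nop,nop,sackOK], length 0
22:14:40.305855 52:54:00:00:xx:xx > 30:e4:db:xx:xx:xx, ethertype IPv4 (0x0800), length 66: web-server-ip.80 > opn-s-ip.16825: Flags [ S. ], seq 3520754639, ack 4280183094, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
"""

# host.port > host.port: Flags [..] ... options [..]
# Tolerates both "[S]" and "[ S ]" spacing inside the flags brackets.
LINE_RE = re.compile(
    r"(?P<src>\S+\.\d+) > (?P<dst>\S+\.\d+): "
    r"Flags \[\s*(?P<flags>[A-Z.]+)\s*\].*?options \[(?P<opts>[^\]]*)\]"
)


def parse_syns(text):
    """Yield (src, dst, flags, mss) for each segment that has SYN set and carries an MSS option."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m or "S" not in m["flags"]:
            continue
        mss = re.search(r"\bmss (\d+)", m["opts"])
        if mss:
            yield m["src"], m["dst"], m["flags"], int(mss.group(1))


def handshake_mss(text, link_mtu=1500):
    """Pair SYN with SYN-ACK and compare each side's MSS with link_mtu - 40."""
    expected = link_mtu - 40  # assumption: IPv4, 20-byte IP header + 20-byte TCP header
    pending, report = {}, []
    for src, dst, flags, mss in parse_syns(text):
        if flags == "S":                      # client SYN
            pending[(src, dst)] = mss
        elif flags == "S." and (dst, src) in pending:   # matching SYN-ACK
            client_mss = pending.pop((dst, src))
            report.append({
                "client": dst, "server": src,
                "client_mss": client_mss, "server_mss": mss,
                "effective_mss": min(client_mss, mss),
                "client_shortfall": expected - client_mss,
                "server_shortfall": expected - mss,
            })
    return report


if __name__ == "__main__":
    for row in handshake_mss(CAPTURE):
        print(row)
```

A non-zero shortfall on the SYN seen at the server means the value was lowered somewhere before it arrived; capturing on both sides of the suspected device shows whether that device is the one rewriting it.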

#2
I did some experiments with OpenVPN,
and I see something like ASA:
by default, OpenVPN also transparently fixes the MSS of all transiting TCP traffic,
but fixes it to MSS=1410.
#3
Cisco ASA 55XX by default always transparently fixes the MSS to 1380 (normal MSS=1460)
on all transiting TCP connections on all interfaces and all RA/S2S VPNs.

This default setting is not visible in the config.

But it is visible via ASDM: