MSS Clamping

MagikMark · December 13, 2023, 12:21:23 AM

I'm considering MSS value 1448. I just would like to confirm that I understood it right what is indicated on the "help". It would deduct a value of 40 on the MSS field. So, the value that I need to put on the field is MSS 1488. Is that right?

Monviech (Cedrik) · December 13, 2023, 09:50:01 AM

You have to subtract it from the MTU.

If your MTU is 1500 bytes and you have IPv6 TCP packets that are 60 bytes (IPv6 + TCP header size), your MSS would be 1440 bytes.

Patrick M. Hausen · December 13, 2023, 10:21:51 AM

Monviech, the help text in the UI explicitly states that OPNsense would be doing that subtraction and that you should put the MTU, not the MSS, into the field which is confusingly labelled "MSS". The OP just wants to make sure the help text is actually correct. Go check for yourself ;)

Monviech (Cedrik) · December 13, 2023, 10:47:58 AM

@Patrick You are right, that help text sounds really confusing.

I would rather use "Firewall: Settings: Normalization" and create a rule for the interface there instead of putting a value in the interface MSS field.

MSS Clamping

MagikMark

December 13, 2023, 12:21:23 AM

Monviech (Cedrik)

December 13, 2023, 09:50:01 AM #1

Patrick M. Hausen

December 13, 2023, 10:21:51 AM #2

Monviech (Cedrik)

December 13, 2023, 10:47:58 AM #3