
IPsec MTU issues - pfsense has advanced MTU settings but not opnsense?


TheLinuxGuy:
I'm having MTU issues (unable to load websites - Dell remote management) over the IPsec tunnel. I have lowered the MTU and MSS settings on my LAN but am still facing issues. If I reboot the OPNsense it will work for a few minutes, so it seems some traffic may respect MSS, but then it stops working.

pfSense seems to have special settings under IPsec for this condition, per https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/advanced.html

Other OPNsense users seem to have reported the same issue without resolution: https://forum.opnsense.org/index.php?topic=17881.0

Any idea what can be done?

mimugmail:
Interfaces : LAN : MSS, set to 1300.

TheLinuxGuy:

--- Quote from: mimugmail on May 16, 2021, 01:46:57 pm ---Interfaces : LAN : MSS, set to 1300.

--- End quote ---

This is exactly what I had configured and was having issues.

I ended up being able to implement a workaround.

Firewall > Settings > Normalization

Added a rule:
- Interface "IPsec"
- source any
- dest any
- max MSS set to 1350

Restored LAN to have no MSS. So far it's been stable for the past hour and I am uploading a large file.

mimugmail:
This doesn't make sense, as the IPsec overhead is 40 bytes, so 1300 should be fine.
