IPsec MTU issues - pfsense has advanced MTU settings but not opnsense?
TheLinuxGuy:
I'm having MTU issues (unable to load websites - Dell remote management) over the IPsec tunnel. I have lowered the MTU and MSS settings on my LAN but am still facing issues - if I reboot the opnsense it will work for a few minutes, so it seems some traffic may respect MSS, but then it stops working.
pfsense seems to have special settings under IPsec for this condition per https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/advanced.html
Other opnsense users seem to have reported the same issue without resolution: https://forum.opnsense.org/index.php?topic=17881.0
Any idea what can be done?
mimugmail:
Interfaces : LAN : MSS, set to 1300.
TheLinuxGuy:
--- Quote from: mimugmail on May 16, 2021, 01:46:57 pm ---
Interfaces : LAN : MSS, set to 1300.
--- End quote ---
This is exactly what I had configured and was having issues.
I ended up being able to implement a workaround.
Firewall > settings > Normalization
Added a rule:
- Interface "IPsec"
- source any
- dest any
- max MSS set to 1350
Restored LAN to have no MSS. So far it's been stable for the past hour and I am uploading a large file.
mimugmail:
This doesn't make sense, as the IPsec overhead is 40 bytes, so 1300 should be fine.