[Openswan Users] PMTU issues
Benny Amorsen
benny+usenet at amorsen.dk
Fri May 23 07:47:06 EDT 2008
"David L. Cathey" <davidc at montagar.com> writes:
> So far, the only thing that seems to have helped is setting
> net.ipv4.ip_no_pmtu_disc=1 and avoiding PMTU altogether.
If you can live with only solving the problem for TCP, I have had luck
with:
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1380
in netfilter on the VPN server.
That forces all forwarded TCP sessions to an MSS of 1380.
I am not sure that you actually want "handle fragmentation" turned on
with SonicWall. It may be worth it to turn that off, in order to let
the hosts handle it themselves.
/Benny
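
An added illustration, not part of the original message and not the kernel's code: what an MSS clamp like the rule above does to a forwarded SYN, including the incremental checksum fix-up. The sample header is constructed, and the sketch assumes the clamp only ever lowers the advertised value.

```python
import struct

def csum_replace(check, old, new):
    """Incremental one's-complement checksum update (RFC 1624, eqn. 3)."""
    s = (~check & 0xFFFF) + (~old & 0xFFFF) + new
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_mss(tcp, limit=1380):
    """Lower the MSS option of a SYN (RST clear) TCP header to `limit`."""
    if len(tcp) < 20 or not tcp[13] & 0x02 or tcp[13] & 0x04:
        return tcp                      # same match as --tcp-flags SYN,RST SYN
    hdr_len = min((tcp[12] >> 4) * 4, len(tcp))
    out = bytearray(tcp)
    i = 20
    while i < hdr_len:
        kind = tcp[i]
        if kind == 0:                   # end of option list
            break
        if kind == 1:                   # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= hdr_len:
            break
        length = tcp[i + 1]
        if length < 2 or i + length > hdr_len:
            break                       # malformed option, leave packet alone
        if kind == 2 and length == 4:   # MSS option
            old = struct.unpack_from("!H", tcp, i + 2)[0]
            if old > limit:             # assumption: only ever lower the value
                struct.pack_into("!H", out, i + 2, limit)
                check = struct.unpack_from("!H", tcp, 16)[0]
                struct.pack_into("!H", out, 16, csum_replace(check, old, limit))
            break
        i += length
    return bytes(out)

# Constructed sample: SYN from port 40000 to 443, data offset 6, MSS 1460.
# The checksum field holds a placeholder value, not a computed one.
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 6 << 4, 0x02,
                         64240, 0x1234, 0) + struct.pack("!BBH", 2, 4, 1460)

if __name__ == "__main__":
    clamped = clamp_mss(SAMPLE_SYN)
    print("MSS after clamp:", struct.unpack_from("!H", clamped, 22)[0])
```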