Add MTU/MSS handling #1

New Issue

Open

opened 2021-06-17 04:54:13 +00:00 by lauri · 2 comments

lauri commented 2021-06-17 04:54:13 +00:00

Owner

Copy Link

Add either MTU and MSS handling via config.py in server repo and default to minimal sane values

iptables -t mangle -A FORWARD -o eth0 \
	-p tcp -m tcp --tcp-flags SYN,RST SYN \
	-m tcpmss --mss 1361:1536 \
	-j TCPMSS --set-mss 1360

https://www.zeitgeist.se/2013/11/26/mtu-woes-in-ipsec-tunnels-how-to-fix/

Add either MTU and MSS handling via `config.py` in `server` repo and default to minimal sane values ``` iptables -t mangle -A FORWARD -o eth0 \ -p tcp -m tcp --tcp-flags SYN,RST SYN \ -m tcpmss --mss 1361:1536 \ -j TCPMSS --set-mss 1360 ``` https://www.zeitgeist.se/2013/11/26/mtu-woes-in-ipsec-tunnels-how-to-fix/

lauri changed title from Add MTU handling to Add MTU/MSS handling 2021-06-17 04:54:19 +00:00

lauri commented 2021-06-17 04:56:16 +00:00

Author

Owner

Copy Link

Possibly also tune charon.fragment_size with same value for IPSec daemon.

https://wiki.strongswan.org/projects/strongswan/wiki/Strongswanconf

Possibly also tune `charon.fragment_size` with same value for IPSec daemon. https://wiki.strongswan.org/projects/strongswan/wiki/Strongswanconf

lauri commented 2021-06-17 04:59:31 +00:00

Author

Owner

Copy Link

Possibly also keep --tun-mtu on OpenVPN aligned to the values and disable internal fragmentation for OpenVPN.

Possibly also keep `--tun-mtu` on OpenVPN aligned to the values and disable internal fragmentation for OpenVPN.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

No results found.

Labels

No items

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

lauri marva

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: pinecrypt/pinecrypt-gateway-firewall#1

No description provided.