Add MTU/MSS handling #1

Open
opened 2021-06-17 04:54:13 +00:00 by lauri · 2 comments
Owner

Add either MTU and MSS handling via `config.py` in `server` repo and default to minimal sane values

```
iptables -t mangle -A FORWARD -o eth0 \
	-p tcp -m tcp --tcp-flags SYN,RST SYN \
	-m tcpmss --mss 1361:1536 \
	-j TCPMSS --set-mss 1360
```

https://www.zeitgeist.se/2013/11/26/mtu-woes-in-ipsec-tunnels-how-to-fix/

lauri changed title from Add MTU handling to Add MTU/MSS handling 2021-06-17 04:54:19 +00:00
Author
Owner

Possibly also tune `charon.fragment_size` with same value for IPSec daemon.

https://wiki.strongswan.org/projects/strongswan/wiki/Strongswanconf

Author
Owner

Possibly also keep `--tun-mtu` on OpenVPN aligned to the values and disable internal fragmentation for OpenVPN.

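Added example, not part of the issue thread or the pinecrypt code base: one way a configured tunnel MTU could drive the clamp rule quoted in the issue, plus a model of which forwarded SYNs that rule actually rewrites. The function names, the 576..1500 MTU bounds and the sample MTU of 1400 are assumptions; only the rule text and the values 1360, 1361:1536 and `eth0` come from the issue.

```python
import shlex

IPV4_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header, no options


def mss_for_mtu(mtu: int) -> int:
    """Largest TCP payload that fits in one IPv4 packet of size `mtu`."""
    # Assumed sanity bounds for a config value, not taken from the issue.
    if not 576 <= mtu <= 1500:
        raise ValueError(f"MTU {mtu} outside the assumed sane range 576..1500")
    return mtu - IPV4_TCP_OVERHEAD


def clamp_rule(mss: int, out_iface: str = "eth0", upper: int = 1536) -> list[str]:
    """argv for the rule quoted in the issue, parameterised on the clamp value."""
    if not 0 < mss < upper:
        raise ValueError("clamp value must be below the upper match bound")
    return [
        "iptables", "-t", "mangle", "-A", "FORWARD", "-o", out_iface,
        "-p", "tcp", "-m", "tcp", "--tcp-flags", "SYN,RST", "SYN",
        "-m", "tcpmss", "--mss", f"{mss + 1}:{upper}",
        "-j", "TCPMSS", "--set-mss", str(mss),
    ]


def mss_after_rule(syn_mss: int, mss: int, upper: int = 1536) -> int:
    """MSS a forwarded SYN carries after the rule: only mss+1..upper is rewritten."""
    return mss if mss + 1 <= syn_mss <= upper else syn_mss


if __name__ == "__main__":
    mss = mss_for_mtu(1400)  # constructed MTU; 1400 - 40 gives the issue's 1360
    print(shlex.join(clamp_rule(mss)))
    for syn_mss in (1200, 1460, 8960):  # constructed SYN values
        print(syn_mss, "->", mss_after_rule(syn_mss, mss))
```

A SYN advertising an MSS above the 1536 upper bound (the constructed 8960 case) does not match the `tcpmss` range and is forwarded unchanged.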
Reference: pinecrypt/pinecrypt-gateway-firewall#1