IPSec VPN - Path MTU

Question

Hej, 
 i have multiple IPSec tunnel with an MTU smaller than 1500. The tunnel are up but some packets are not transmitted completely. I think the XG sends packets to the tunnel with the false MTU. Is Path MTU available in XG v17? 
 Thanks.

RickardNordahl · Answer

Hej, 
 i have multiple IPSec tunnel with an MTU smaller than 1500. The tunnel are up but some packets are not transmitted completely. I think the XG sends packets to the tunnel with the false MTU. Is Path MTU available in XG v17? 
 Thanks.

Hello SteppenWolf 
 
 You can set the Override MSS on the WAN interface under Advanced Settings using the GUI. This will be used for your Site to Site tunnels. As you can see we have it configured.

There is also a KB about setting up Site to Site with Azure where the show where to sett the Override MSS if you would like to read more about it: https://community.sophos.com/kb/en-us/127546 
 
 Best Regards 
 Rickard

lferrara · Answer

Steppenwolf, 
 mtu can be configured only on PPTP and L2TP from console: 
 set vpn l2tp mtu 
 For the Tunnel, you can try to use ifconfig tunname mtu xxxx but the problem is that the mtu setting is not persistent with reboot. 
 Let us know. 
 Regards

Jelle · Answer

As far as I can see this is (currently) not available. MTU can only be set for interfaces so you would need to change MTU for the whole interface.