Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 7 replies
  • Answers 3 answers
  • Subscribers 30 subscribers
  • Views 23287 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSec VPN - Path MTU

Steppenwolf

Hej,

i have multiple IPSec tunnel with an MTU smaller than 1500. The tunnel are up but some packets are not transmitted completely. I think the XG sends packets to the tunnel with the false MTU. Is Path MTU available in XG v17? 

Thanks.



This thread was automatically locked due to age.
Parents
  • 0

    As far as I can see this is (currently) not available. MTU can only be set for interfaces so you would need to change MTU for the whole interface.

  • 0 in reply to Jelle

    Thanks for your answers. I have only IPSec tunnel. I found an iptables command to set the MSS. I have found this one in the internet:

    iptables -t mangle -I POSTROUTING -d 192.168.x.x/24 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1300

    This was working for me but not reboot persistent. Is there a way to run this command at boot time automatically? 

    Will it be possible to set the MTU for IPSec in future releases? Is PMTU support for future versions planned?

Reply
  • 0 in reply to Jelle

    Thanks for your answers. I have only IPSec tunnel. I found an iptables command to set the MSS. I have found this one in the internet:

    iptables -t mangle -I POSTROUTING -d 192.168.x.x/24 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1300

    This was working for me but not reboot persistent. Is there a way to run this command at boot time automatically? 

    Will it be possible to set the MTU for IPSec in future releases? Is PMTU support for future versions planned?

Children