Project

General

Profile

Actions
Copy link

Correction #15075

closed

Changing MSS for IPsec

Added by Mike Moore over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Jim Pingle
Category:
IPsec
Target version:
-
Start date:
Due date:
% Done:

100%

Estimated time:

Description

The documentation states to change MSS for IPsec: https://docs.netgate.com/pfsense/en/latest/troubleshooting/low-throughput.html#vpn-mtu-issues
That is incorrect.

It should be in System / Advanced/ Firewall & NAT
The section is called "VPN Packet Processing"

Actions
Copy link
 #1

Updated by Mike Moore over 1 year ago

Also the other popular VPN - OpenVPN - has their own way of changing MTU and MSS which should be added to the same documentation section as well. At the very least include both popular VPN technologies

For OpenVPN in custom options
tun-mtu xxxx;
mssfix xxxx;

Actions
Copy link
 #2

Updated by Jim Pingle over 1 year ago

  • Assignee set to Jim Pingle
Actions
Copy link
 #3

Updated by Jim Pingle over 1 year ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

I updated the menu location for the option: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/14d49c53df3133db0f644ba6db84963cc05ab4e5

That already affects OpenVPN, there should be no need to mess with OpenVPN custom options, that is far more likely to break something than help.

The OpenVPN docs recommend against using tun-mtu, and there is no need to use mssfix when PF can handle that in a more flexible way via this option.

Actions
Copy link

Also available in: Atom PDF