Bug #7005
IPsec mss clamping not working for mobile clients
Status: closed, 100% done
Description
It doesn't look like MSS clamping is working on an IPsec mobile client setup.
1) In IPSec -> Advanced Settings -> Enable Maximum MSS.
2) When setting the virtual address pool in "VPN->IPsec->Mobile Clients", the table called "vpn_networks" doesn't get defined (paste from status.php):
#System aliases
loopback = "{ lo0 }"
WAN = "{ igb0 }"
LAN = "{ igb1 }"
IPsec = "{ enc0 }"
#SSH Lockout Table
table <sshlockout> persist
table <webConfiguratorlockout> persist
#Snort tables
table <snort2c>
table <virusprot>
table <bogons> persist file "/etc/bogons"
table <negate_networks>
# User Aliases
# Gateways
GWWAN_DHCP = " route-to ( igb0 172.20.19.1 ) "
GWWAN_DHCP6 = " route-to ( igb0 172.20.19.1 ) "
set loginterface igb1
set skip on pfsync0
scrub from any to <vpn_networks> max-mss 1280
scrub from <vpn_networks> to any max-mss 1280
scrub on $WAN all fragment reassemble
scrub on $LAN all fragment reassemble
---------------------------------------------------------
The result is that the scrub rule won't have any effect, since it's just an empty table. This issue is observed on both 2.2.6 and 2.3.2-p1.
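A static check for the condition described in this report, as an added example (not pfSense code and not part of the original report): it scans a pf ruleset for tables that rules reference but that no `table` line declares. The function names are hypothetical, and the sample input is a constructed excerpt of the ruleset pasted above.

```python
import re

# Constructed sample: excerpt of the ruleset pasted in the report.
SAMPLE_RULES = '''\
table <sshlockout> persist
table <webConfiguratorlockout> persist
table <snort2c>
table <virusprot>
table <bogons> persist file "/etc/bogons"
table <negate_networks>
set skip on pfsync0
scrub from any to <vpn_networks> max-mss 1280
scrub from <vpn_networks> to any max-mss 1280
scrub on $WAN all fragment reassemble
'''

TABLE_DECL = re.compile(r'^\s*table\s+<([^>\s]+)>')  # "table <name> ..."
TABLE_REF = re.compile(r'<([^>\s]+)>')               # "<name>" inside a rule

def strip_comment(line):
    """Drop a trailing # comment, ignoring # inside double quotes."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch == '#' and not in_quote:
            return line[:i]
    return line

def undeclared_tables(ruleset):
    """Map each table that rules reference but no 'table' line declares
    to the (line number, rule text) pairs that reference it."""
    declared, refs = set(), {}
    for lineno, raw in enumerate(ruleset.splitlines(), 1):
        line = strip_comment(raw).strip()
        if not line:
            continue
        decl = TABLE_DECL.match(line)
        if decl:
            declared.add(decl.group(1))
            continue
        for name in TABLE_REF.findall(line):
            refs.setdefault(name, []).append((lineno, line))
    return {n: hits for n, hits in refs.items() if n not in declared}

if __name__ == "__main__":
    for name, hits in undeclared_tables(SAMPLE_RULES).items():
        for lineno, rule in hits:
            print(f"<{name}> not declared, used at line {lineno}: {rule}")
```

A declared table can still be empty at runtime; `pfctl -t vpn_networks -T show` lists the addresses currently loaded in it.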