pfSense

Doesn't look that mss-clamping is working on a IPsec mobile client setup.

1) In IPSec -> Advanced Settings -> Enable Maximum MSS.

2) When setting the virtual address pool in "VPN->IPsec->Mobile Clients", the table called "vpn_networks" doesn't get defined (paste from status.php):

#System aliases

loopback = "{ lo0 }"
WAN = "{ igb0 }"
LAN = "{ igb1 }"
IPsec = "{ enc0 }"

#SSH Lockout Table
table <sshlockout> persist
table <webConfiguratorlockout> persist
#Snort tables
table <snort2c>
table <virusprot>
table <bogons> persist file "/etc/bogons"
table <negate_networks>

1. User Aliases

1. Gateways
   GWWAN_DHCP = " route-to ( igb0 172.20.19.1 ) "
   GWWAN_DHCP6 = " route-to ( igb0 172.20.19.1 ) "

set loginterface igb1

set skip on pfsync0

scrub from any to <vpn_networks> max-mss 1280
scrub from <vpn_networks> to any max-mss 1280
scrub on $WAN all fragment reassemble
scrub on $LAN all fragment reassemble
---------------------------------------------------------

The result is that the scrub rule wont have any effect, since its just an empty table. This issue is observed on both 2.2.6 and 2.3.2-p1.