Bug #787

PMTUD doesn't work with IPsec

Added by Chris Buechler almost 9 years ago. Updated almost 9 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: IPsec
Target version:
Start date: 08/02/2010
Due date:
% Done: 100%
Estimated time:
Affected Version: All
Affected Architecture:

Description

PMTUD doesn't work with IPsec, creating a black hole that causes connectivity problems at times. Best workaround is to add a scrub line for IPsec VPNs, e.g. for each internal interface:

scrub in on $LAN from any to <vpns> max-mss 1420

where 1420 is default, and configurable under System > Advanced somewhere along with a checkbox to disable if desired.

Associated revisions

Revision 6441fa9a (diff)
Added by Ermal Luçi almost 9 years ago

Resolves #787. Present an option to enable a scrub rule for <vpns> target to limit the mss to specified value.

History

#1 Updated by Ermal Luçi almost 9 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#2 Updated by Chris Buechler almost 9 years ago

  • Status changed from Feedback to Resolved
