Project

General

Profile

Actions

Bug #787

closed

PMTUD doesn't work with IPsec

Added by Chris Buechler over 11 years ago. Updated over 11 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
Start date:
08/02/2010
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

PMTUD doesn't work with IPsec, creating a black hole that causes connectivity problems at times. Best work around is to add a scrub line for IPsec VPNs, e.g. for each internal interface:

scrub in on $LAN from any to <vpns> max-mss 1420

where 1420 is default, and configurable under System > Advanced somewhere along with a checkbox to disable if desired.

Actions #1

Updated by Ermal Luçi over 11 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #2

Updated by Chris Buechler over 11 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF