IPsec and PMTU problems

This post has a very good explanation of the problems I’ve been suffering with my IPsec tunnels recently:

MTU woes in IPsec tunnels and how you can fix it

Two things have fixed my stalled transmissions over IPsec tunnels:

  1. Clamping the MSS of the IPsec connections to 1280
  2. Setting the sysctl net.ipv4.tcp_mtu_probing=1

As seen in this post, the values of net.ipv4.tcp_mtu_probing are:

 0 - Disabled
 1 - Disabled by default, enabled when an ICMP black hole is detected
 2 - Always enabled, use initial MSS of tcp_base_mss.
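
One way to apply both fixes on a Linux IPsec gateway, as an added example that is not from the original post. It assumes iptables with the policy match and the TCPMSS target, and that tunnelled traffic crosses the FORWARD chain; the function names are made up for illustration. It only prints the commands unless run as root with APPLY=1.

```shell
#!/bin/sh
# Added example: dry run by default, set APPLY=1 (as root) to execute.
# Assumption: tunnelled TCP traffic is forwarded through this host.

MSS=1280          # clamp value from the post
PROBING=1         # tcp_mtu_probing mode from the post
SYSCTL_FILE=/proc/sys/net/ipv4/tcp_mtu_probing

# Emit the rules that rewrite the MSS option on SYN packets matching an
# IPsec policy, in both directions, so neither peer advertises more than $1.
mss_clamp_cmds() {
    for dir in in out; do
        echo "iptables -t mangle -A FORWARD -m policy --pol ipsec --dir $dir" \
             "-p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $1"
    done
}

# Emit the command that sets the MTU probing mode to $1.
probing_cmd() {
    echo "sysctl -w net.ipv4.tcp_mtu_probing=$1"
}

# Return 0 only if file $1 is readable and holds exactly the mode $2.
probing_is() {
    [ -r "$1" ] && [ "$(cat "$1")" = "$2" ]
}

# Print every command; execute each one only when APPLY=1.
run_plan() {
    { mss_clamp_cmds "$MSS"; probing_cmd "$PROBING"; } | while read -r cmd; do
        echo "+ $cmd"
        if [ "${APPLY:-0}" = 1 ]; then $cmd || exit 1; fi
    done
}

run_plan
if probing_is "$SYSCTL_FILE" "$PROBING"; then
    echo "tcp_mtu_probing is $PROBING"
else
    echo "tcp_mtu_probing is not $PROBING (or not readable here)"
fi
```

The sysctl -w setting does not survive a reboot; persist it in the system's sysctl configuration once the stalls are confirmed gone.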
