Where "correctly" means "without fragmentation". The network will fragment larger packets and still pass them OK, it's just less efficient. TCP can be hinted to use smaller packets which don't require fragmentation, and that's what the MSS settings are about. --Bart On 5/3/2014 10:46 PM, Nigel Vander Houwen wrote:
Dean,
I'll answer both your emails in this one. RE the first email concerning route cache with l2tp tunnels. We saw that and have tested it on Bart's and I's uplink modems and it has not fixed the route cache issue for non-l2tp tunnels, this is confirmed by the forum ports.
The mangle rules are not related to ovpn. The issue is that the uplinks have connections (public ISPs) that limit to an MTU of 1500, and the ipip tunnel with ipsec takes up some of that for the headers, so packets must be mangled to be smaller than that to pass through the uplink nodes to and from the internet correctly.
Nigel K7NVH
On May 3, 2014, at 10:04 PM, Dean Gibson AE7Q <hamwan@ae7q.com> wrote:
Note also:
What's new in 6.11 (2014-Mar-20 09:16):
*) ... *) ovpn - make bridge mode work with big packets (do not leave extraneous padding);
Is this related to the "change-mss" firewall mangling rules in our own setup?
_______________________________________________ PSDR mailing list PSDR@hamwan.org http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
_______________________________________________ PSDR mailing list PSDR@hamwan.org http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org