
Issue of MSS on IPSEC VPN [follow up]

There is a well-known IPSEC VPN performance issue which can be resolved by adding this command:

iptables -I FORWARD 1 -o -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1320

This command works fine from the console for me. In order to survive a reboot, I added it to /etc/init.d/iptables in the start section just below:
 iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

I rebooted the UTM and then checked with: iptables -n -L --line-numbers

I expected to see:

Chain FORWARD (policy DROP)

num  target     prot opt source               destination
1    TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 TCPMSS set 1320
..
..

but there is no such line at all.

Does any of you know a solution? I'm running UTM 9.705

Best wishes,
JockyW
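
The check described in the post (listing the FORWARD chain and looking for the TCPMSS rule) can be scripted so that a missing rule is noticed after a reboot. This is an added example, not part of the original post: the function names and both sample listings are constructed for illustration, with 1320 taken from the command above.

```shell
#!/bin/sh
# find_mss_clamp WANT_MSS -- reads `iptables -n -L FORWARD --line-numbers`
# output on stdin and prints "<rule-number> <mss>" for the first TCPMSS rule
# that matches SYN packets (flags:0x06/0x02 = examine SYN,RST; SYN set).
# Exit status: 0 = clamp present with WANT_MSS, 1 = clamp present with a
# different MSS, 2 = no clamp rule in the listing.
find_mss_clamp() {
    awk -v want="$1" '
        $2 == "TCPMSS" && /flags:0x06\/0x02/ {
            for (i = 3; i < NF; i++)
                if ($i == "set") { num = $1; mss = $(i + 1); found = 1; exit }
        }
        END {
            if (!found) exit 2
            print num, mss
            exit (mss == want ? 0 : 1)
        }'
}

# Constructed sample: the listing the post expected to see.
listing_with_clamp() {
    cat <<'EOF'
Chain FORWARD (policy DROP)
num  target     prot opt source               destination
1    TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 TCPMSS set 1320
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
EOF
}

# Constructed sample: the clamp rule is absent, as after the reboot described.
listing_without_clamp() {
    cat <<'EOF'
Chain FORWARD (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
EOF
}

# report LABEL -- run the check on stdin and describe the result.
report() {
    if out=$(find_mss_clamp 1320); then
        echo "$1: clamp present (rule ${out% *}, MSS ${out#* })"
    else
        echo "$1: clamp missing or wrong MSS (status $?)"
    fi
}

listing_with_clamp | report "expected listing"
listing_without_clamp | report "after reboot"
# Live use (as root): iptables -n -L FORWARD --line-numbers | find_mss_clamp 1320
```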


