This discussion has been locked.

IPSec & MSS

Is there any way to put MSS on the actual IPSec tunnel?

Currently I've got IPSec up and running between two sites and it's working for normal usage. My problem is that when I have two computers with Jumbo Frames enabled, one on each site, the traffic is not going through the tunnel. I don't want to disable jumbo frames on local communication. Now I've got it temporarily working by setting MSS on the firewall's interface to which the computer with large MTU is connected.

I would like to set MSS on the actual tunnel interface so all communication between the two sites is non-fragmented, something like: iptables -I FORWARD 1 -o  -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1440

Is it possible and how do you do that?


  • Hi, brohall, and welcome to the User BB!

    Check #1 in Rulz.  What selections do you have in 'Protocol handling' on the 'Advanced' tab of 'Firewall'?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA