On Mon, 10 Feb 2020 at 11:58, Simen Stavdal <[email protected]> wrote:
> Hi Lucas,
> Have you tried to manipulate the mss during conversation setup?
> This is done with the max-mss directive in pf.conf.
> Basically, it takes the three way handshake, and overrides the MSS value in
> the handshake to something lower than the default.

This might fix the http/ssh issues one might see, because both of those run over TCP, but MSS fixups will not correct large UDP or icmp packets, or any other non-TCP protocol one might run over that ipsec, so making sure the traffic is below the MTU should be the end goal, not fixing 90% with pf.

--
May the most significant bit of your life be positive.
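An added illustration, not part of the original message and not pf's own code: a Python model of what an MSS fixup does to a packet, showing why it helps TCP while a full-size UDP datagram passes through unchanged. The addresses, ports and packet builders are constructed sample values, and a well-formed IPv4 header is assumed.

```python
import struct
TCP, UDP, SYN = 6, 17, 0x02

def checksum(data: bytes) -> int:  # 16-bit one's-complement Internet checksum
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(ip_hdr: bytes, tcp: bytes) -> int:
    pseudo = ip_hdr[12:20] + struct.pack("!BBH", 0, TCP, len(tcp))
    return checksum(pseudo + tcp[:16] + b"\x00\x00" + tcp[18:])

def clamp_mss(packet: bytes, max_mss: int) -> bytes:
    """Lower the MSS option of a TCP SYN to max_mss; return anything else unchanged."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != TCP:
        return packet                      # UDP, ICMP, ...: there is no MSS to rewrite
    tcp = bytearray(packet[ihl:])
    if len(tcp) < 20 or not tcp[13] & SYN:
        return packet                      # MSS is only announced in SYN segments
    end, i = min((tcp[12] >> 4) * 4, len(tcp)), 20
    while i + 1 < end and tcp[i] != 0:     # kind 0 = end of option list
        if tcp[i] == 1:                    # kind 1 = NOP, a single byte
            i += 1
            continue
        length = tcp[i + 1]
        if length < 2 or i + length > end:
            return packet                  # malformed options: leave untouched
        if tcp[i] == 2 and length == 4 and struct.unpack_from("!H", tcp, i + 2)[0] > max_mss:
            struct.pack_into("!H", tcp, i + 2, max_mss)
            struct.pack_into("!H", tcp, 16, tcp_checksum(packet[:ihl], bytes(tcp)))
        i += length
    return packet[:ihl] + bytes(tcp)

def ipv4(proto: int, payload: bytes) -> bytes:  # constructed packet, 192.0.2.1 -> 198.51.100.1, DF set
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64,
                      proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def sample_syn(mss: int = 1460) -> bytes:       # constructed SYN carrying one MSS option
    tcp = struct.pack("!HHIIBBHHHBBH", 40000, 22, 1, 0, 0x60, SYN, 65535, 0, 0, 2, 4, mss)
    hdr = ipv4(TCP, tcp)
    return hdr[:36] + struct.pack("!H", tcp_checksum(hdr[:20], tcp)) + hdr[38:]

def sample_udp(size: int = 1472) -> bytes:      # constructed UDP datagram filling a 1500-byte MTU
    return ipv4(UDP, struct.pack("!HHHH", 40000, 5000, 8 + size, 0) + bytes(size))
```

Calling `clamp_mss(sample_syn(), 1360)` returns the SYN with its MSS lowered and the TCP checksum recomputed, while `clamp_mss(sample_udp(), 1360)` returns the same 1500-byte packet it was given.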

