Date: Sun, 23 Dec 2018 15:01:52 +0000
From: Harry Duncan <usr.src.linux@gmail.com>
To: freebsd-questions@freebsd.org
Subject: FreeBSD GRE tunnels / MTU question
Message-ID: <CAHAPYVAUUCbTM5Frc7Bn2Gi9DQkJHbtv7-ttQZf97dyQ3YaNYw@mail.gmail.com>

Guys,

Hoping someone here has experience of this. I have a server on one end of a VPN tunnel, and clients on a remote site which received encrypted communications from the server. If the packets get fragmented, the communications break down.

Each site connects to the net through a FreeBSD server which connects to a VDSL router in bridged mode. The FreeBSD server uses pppoe and connects to the internet, and uses PF to protect the LANs on both ends. GRE tunnels are used to form a wide area network with routing between the private LANs.

I've worked my way through setting the MTU on the LAN interface to jumbo frame size, and I have the VPN GRE tunnels on super jumbo frame size. I have pf scrub set to what I think is the optimal. One client successfully registered and fourteen others haven't, so I need to work harder!

These sites mostly connect via VDSL service where, at the hardware router level, the router connects to the DSLAM with a maximum MTU of 1462 bytes, which is much less than the 9000 bytes jumbo frame size being used by the GRE tunnels.

In your experience, with a VPN tunnel which is essentially bridging across the VDSL LAN at a lower MTU, will the packet fragmentation at the DSL level impact the packets travelling within the encrypted VPN tunnel, and / or do you have any tips on how I could examine this in practice to see?

Thanks,
Harry.
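One way to examine the fragmentation question in practice, as an added example that is not part of the original message: binary-search the largest ICMP payload that crosses a path with the Don't Fragment bit set, then compare the result for the far tunnel address with the result for the far site's public address. The function names are hypothetical, the probe assumes FreeBSD `ping(8)` (`-D` sets DF), and the default upper bound of 8972 is the 9000-byte jumbo MTU from the message minus 28 header bytes.

```shell
#!/bin/sh
# Added example (not from the original post): measure the unfragmented
# path MTU towards a host using DF-marked echo requests.

# probe SIZE HOST: succeed if one DF-marked echo with SIZE payload bytes
# gets a reply. Assumes FreeBSD ping(8): -D = Don't Fragment,
# -c 1 = one packet, -t 2 = give up after two seconds.
probe() {
    ping -D -c 1 -t 2 -s "$1" "$2" >/dev/null 2>&1
}

# largest_df_payload HOST [LO] [HI]
# Prints the largest payload in [LO,HI] that passes unfragmented.
# Returns 1 if even LO fails (host down, or ICMP filtered on the path).
largest_df_payload() {
    host=$1
    lo=${2:-0}
    hi=${3:-8972}
    probe "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        # Round up so the search always makes progress.
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# Path MTU = ICMP payload + 8-byte ICMP header + 20-byte IPv4 header.
path_mtu_from_payload() {
    echo $(( $1 + 28 ))
}

# Usage: sh pmtu.sh <host>   (run once for the far tunnel address and
# once for the far site's public address, then compare)
if [ "$#" -gt 0 ]; then
    payload=$(largest_df_payload "$1") || { echo "no reply from $1" >&2; exit 1; }
    echo "$1: payload $payload, path MTU $(path_mtu_from_payload "$payload")"
fi
```

If the tunnel address reports a far larger figure than the public address, the tunnel's outer packets are being fragmented on the WAN side, and the difference shows how much the tunnel MTU would have to drop to avoid it.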