Hi, On Sun, 7 Sep 2014 21:00:31 +0200 Jens Hansen <jensh...@gmail.com> wrote: > I can successfully connect to my opensbsd 5.5. isakmpd / npppd IPSEC L2TP > vpn setup. > But (not knowing too much about netwoking) i think i'm having a mtu > problem. I can do low volume traffic fine, but transmitting larger files > stalls. I've tried as per suggested by others around the web the > following. > Added scrub on enc0 with an max mss of the pppx0 mtu.
"scrub" should be used for the VPN tunnel internal packets. They pass through on pppx0, pppx1,...pppxN. (pppx creates a new clone for each VPN session.) "pppx" interface group should be used. match on pppx scrub ( max-mss 1410 ) > Tried with and without tcp-mss-adjust set to yes in npppd.conf. At first, I think you should set "mru" not to fragment L2TP/IPsec packets on your network and it also is used to fragment properly for the packets inside the VPN links. Also "tcp-mss-adjust yes" may be useful if you want to avoid the PMTU-D blackhole problem. --yasuoka
