On Mon, Feb 10, 2020 at 05:15:00PM +0000, Peter M??ller wrote: > Hello Lucas, > > as far as I understood, setting MTU on encN interfaces is not supported > since it is not mentioned by enc(4) and setting it manually fails: > > > machine# ifconfig enc0 mtu 1500 > > ifconfig: SIOCSIFMTU: Inappropriate ioctl for device > > If you do not want to use GRE tunnels or gif interfaces, I suppose truncating > MSS via pf might be an acceptable but not elegant solution:
I have max-mss and reassemble tcp: match in on gre0 scrub (max-mss 1456, reassemble tcp) However still experienced about 5% packet loss when i run speedtest.net through the tunnel. In my instance, the solution for eliminating packet loss over the long distance ipsec/gre tunnel was putting in a queue: queue hfsq-gre0 on gre0 flows 1024 bandwidth $BW_LIMIT max $BW_LIMIT quantum 400 qlimit 1000 default .d.d.
