Hello, if you need clampmss then it is highly probable there is a PMTU discovery problem. The clampmss does not work for UDP.
I probably counted the size incorrectly. So you are able to ping with size 1464 and not with 1466. How about trying same ping sizes from the internet towards your site? I mean trying to ping from sites with higher MTU than yours without lower MTU links in the path. You know MTU is a size of l2 frame, so using ipv6 you are able to use higher payload sizes because of ip header size. Marek 2020-06-23 9:06 GMT+02:00, Luca Bertoncello <lucab...@lucabert.de>: > Am 23.06.2020 08:43, schrieb Luca Bertoncello: > > And another thing, I discovered right now... > >> Could you suggest me something to restrict the problem? >> Currently, I think the problem can be: >> >> 1) on Asterisk >> 2) on my Gateway/Firewall > > A couple of years ago I added this entry in my firewall: > > /sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS > --clamp-mss-to-pmtu > > since I had the problem downloading data from an Internet site using my > tablet. > I found this site explaining that: > > https://lartc.org/howto/lartc.cookbook.mtu-mss.html > > I really forgot this entry, but now I checked all entries in my > Firewall, and I see it, with my remark... > Now, the last line of the HowTo: > > -------------------------------- > # iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss > 128 > > This sets the MSS of passing SYN packets to 128. Use this if you have > VoIP with tiny packets, and huge http packets which are causing chopping > in your voice calls. > -------------------------------- > > Could it be the problem? Right now I'm not at home, so I cannot test it, > but maybe I can add an entry like: > > iptables -A FORWARD -p tcp -m multiport --ports 5060,<my high port for > SIP> --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128 > > and change the previous entry like: > > iptables -A FORWARD -p tcp -i intlan0 --tcp-flags SYN,RST SYN -j TCPMSS > --clamp-mss-to-pmtu > > to limit the behaviour on the internal LAN... > > Your opinion? > > Thanks a lot! > Luca Bertoncello > (lucab...@lucabert.de) > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: > https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users