> On Oct 30, 2020, at 11:44 AM, Brian Brombacher <[email protected]> wrote:
>
>
>
>>> On Oct 29, 2020, at 11:56 PM, David Diggles <[email protected]> wrote:
>>>
>>> On Mon, Feb 10, 2020 at 05:15:00PM +0000, Peter Müller wrote:
>>> Hello Lucas,
>>>
>>> as far as I understood, setting MTU on encN interfaces is not supported
>>> since it is not mentioned by enc(4) and setting it manually fails:
>>>
>>>> machine# ifconfig enc0 mtu 1500
>>>> ifconfig: SIOCSIFMTU: Inappropriate ioctl for device
>>>
>>> If you do not want to use GRE tunnels or gif interfaces, I suppose
>>> truncating MSS via pf might be an acceptable but not elegant solution:
>>
>> I have max-mss and reassemble tcp:
>>
>> match in on gre0 scrub (max-mss 1456, reassemble tcp)
>>
>
> How did you calculate the max-mss? It seems too high for a double tunnel setup.
Also, sorry for double post, you need the match rule on enc0 to impact TCP
streams going over IPSec to change their mss. I don’t have the old emails for
this thread, so not sure if IPSec is your outer tunnel or inner here.
>
>> However still experienced about 5% packet loss when I run speedtest.net
>> through the tunnel.
>>
>> In my instance, the solution for eliminating packet loss over the long
>> distance ipsec/gre tunnel was putting in a queue:
>>
>> queue hfsq-gre0 on gre0 flows 1024 bandwidth $BW_LIMIT max $BW_LIMIT quantum 400 qlimit 1000 default
>>
>> .d.d.
>>
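For the max-mss question raised in this thread, the following added example (not part of any message above) works out the largest TCP MSS that avoids fragmentation for a double tunnel. It assumes IPv4 throughout, a 1500-byte path MTU, GRE carried inside ESP tunnel mode with no NAT-T, and one of two ESP transforms; the thread states none of these, and all names in the code are illustrative.

```python
from dataclasses import dataclass

IPV4_HDR = 20     # IPv4 header without options
TCP_HDR = 20      # TCP header without options
GRE_HDR = 4       # base GRE header (no key, sequence or checksum fields)
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad-length byte + next-header byte


@dataclass(frozen=True)
class EspTransform:
    iv_len: int   # bytes of IV carried in every packet
    align: int    # encrypted payload must be a multiple of this
    icv_len: int  # integrity check value (truncated MAC or AEAD tag)


# Assumed transforms; the thread does not say which one is configured.
AES_CBC_HMAC_SHA1_96 = EspTransform(iv_len=16, align=16, icv_len=12)
AES_GCM_16 = EspTransform(iv_len=8, align=4, icv_len=16)


def esp_tunnel_inner_mtu(link_mtu: int, t: EspTransform) -> int:
    """Largest inner packet that fits in one ESP tunnel-mode packet."""
    room = link_mtu - IPV4_HDR - ESP_HDR - t.iv_len - t.icv_len
    # Inner packet + padding + trailer is padded up to the alignment,
    # so round the available room down to whole blocks first.
    return (room // t.align) * t.align - ESP_TRAILER


def max_mss_gre_in_esp(link_mtu: int, t: EspTransform) -> int:
    """Largest MSS for TCP routed into GRE, with GRE carried inside ESP."""
    gre_payload_mtu = esp_tunnel_inner_mtu(link_mtu, t) - IPV4_HDR - GRE_HDR
    return gre_payload_mtu - IPV4_HDR - TCP_HDR


def fits(mss: int, link_mtu: int, t: EspTransform) -> bool:
    """True if full-size segments with this MSS need no fragmentation."""
    return mss <= max_mss_gre_in_esp(link_mtu, t)


if __name__ == "__main__":
    for name, t in (("aes-cbc/hmac-sha1-96", AES_CBC_HMAC_SHA1_96),
                    ("aes-gcm-16", AES_GCM_16)):
        limit = max_mss_gre_in_esp(1500, t)
        print(f"{name}: max-mss {limit}, 1456 fits: {fits(1456, 1500, t)}")
```

Under these assumptions the limit is 1374 bytes with AES-CBC/HMAC-SHA1-96 and 1382 bytes with AES-GCM, so a max-mss of 1456 leaves full-size segments to be fragmented.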