-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Usage of the MSS target in iptables, usage of kernel-netlink.mtu or of MTUs on the routes in the routing tables (check `ip route get` to find what route a packet would take to some destination). You break PMTU discovery if you don't accept ctstate RELATED or drop ICMP before accepting ctstate RELATED.
On 19.09.2017 16:05, Turbo Fredriksson wrote: > On 19 Sep 2017, at 14:57, Noel Kuntze > <[email protected]> wrote: > >> Did you fix > the MSS? Is the MTU on the tunnel correct? Did you maybe break PMTU > discovery? > > Not sure, can’t remember… How do I check? -----BEGIN PGP > SIGNATURE----- iQIzBAEBCAAdFiEENSSTvrX3jmMTcq8t9U7kCwc5rWwFAlnBJsgACgkQ9U7kCwc5 rWylvA/+MI8o4EiFQUqsyxtJw/fX72JuPBURz1/DDdcmTti7HpYBJxckIaC8xDA0 mn0KyYQnIIr1unDSS47iHCNL0ksYI6iHd8V/1rjGgsHF3cCpUAeFOPCPHuXTtUQU 3ouEg3rUDU7CT5zyVvLcJddXqagckV7FOnWunrXcswtrDZKGKMbPza5msOBH/i4v jGCK5Sx+S9donoEa2ehFfOoh8eTcyts3wrewEvTyPZ7J5Yq5IzLo4wnYwley3uth bildIdu+CY7q2v7SWnUPTEC3CcyGqK8gA/X6XgmQU/o8xCy72jCaXIVp2N2F65pt gfe+nxN3GlX8b0YlHGZ4Dp/jI/cn1nbleaTYA+ayFxN7jfoVSG+qwQkPxFJ5uVzq eelXrHRMinJRuEScK/eHIPho8KKA14xxPIL46v1ZtHNKZv6ZSjVdaeFUa1ZHdbbk XYT01t0/e1PZjhWN3haFZP+CAXT//RcU7s0zbe7fmfWXPwuAZI7eHSFlOUP6Ex2D ISEZlrLT+V9leY0LKVm1y4IjH1L/3GawA8PJS3tnmXhX8LOqVqpA2f/arsFWaWNb HtLjy0abS8GXNaTB3YCOm1OTwGb//EaamdVn6ZWk4R+yqp9dXJ9vCztjC6C6Nb3J gg4/itBeBz6WODT4VOXFnyGYcw8JOfYjJdlkp3w9+KyfFBpGSEI= =PRk8 -----END PGP SIGNATURE-----
