This is spooky!! I ran
ip link set dev eth0 mtu 1500
on all instances in the chain. Then I ran
iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128
on both the VPN instances.
Still didn’t work.
I then reverted all that, set the MTU on the interface BACK to 9001 on
all the instances AND deleted those iptables rules - s/-A/-D/g, and all of
a sudden it worked!!
Very spooky!
