
Re: Stalled connections [LONG]



Jason Opperisano wrote on Fri, 01. 10. 2004 at 11:32 -0400:
> On Thu, 2004-09-30 at 04:55, Martin Lexa wrote:
> > # Normalization: reassemble fragments and resolve or reduce traffic
> > # ambiguities.
> > # scrub in all
> > scrub in on $ext_if all no-df
> > scrub out on $ext_if all no-df random-id max-mss 1440
> > scrub in on enc0 all no-df
> > scrub out on enc0 all no-df
> > scrub in on $int_if all no-df
> > scrub out on $int_if all no-df random-id
> 
> have you tried lower max-mss values than 1440?  you're cutting it pretty
> close there (1500 - 20 - 40).  i know it makes mathematical sense in
> theory; but in reality, i've always had to ratchet my WiFi over IPSec
> traffic down to an MTU of 1350-1370 (MSS of 1310-1330) to eliminate
> "stalls."
> 
> just a thought.
Definitely a good one. Thank you.

After one day of uptime the problem returned. Changing the MSS value
to 1310 fixed it. Thank you.

I still have a few questions:
  1) Why does a higher MSS value work after a reboot?
  2) Should I scrub on enc0, or is scrubbing on, for example, the wi0
     interface sufficient?

       scrub in / out on enc0 ... ?
  3) Where should I set the max-mss scrubbing option? For the incoming
     direction (scrub in)? For the enc0 interface?

For example:
   ext_if="wi0"
   int_if="rl0"
   scrub in on $ext_if all no-df
   scrub out on $ext_if all no-df random-id max-mss 1310
   scrub in on enc0 all no-df
   scrub out on enc0 all no-df
   scrub in on $int_if all no-df
   scrub out on $int_if all no-df random-id
Is this OK, or should I do this on enc0:
    scrub in / out on enc0 all no-df max-mss 1310?
Thank you.
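
An added example, not part of the original messages: a small calculator for how much room ESP tunnel mode leaves for TCP payload, to put the max-mss values 1440 and 1310 from this thread in context. The transforms, the 1500-byte link MTU and the extra_encap parameter are assumptions; the thread does not say which IPsec ciphers are in use.

```python
# Added example: ESP tunnel-mode overhead vs. TCP MSS (packet layout per RFC 4303).
# The transforms below are assumed; the thread does not name the IPsec ciphers.

IPV4_HDR = 20      # IPv4 header without options
TCP_HDR = 20       # TCP header without options
ESP_HDR = 8        # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1), encrypted with the payload

# name: (IV bytes, cipher block bytes, ICV bytes)
TRANSFORMS = {
    "3des-cbc/hmac-sha1-96": (8, 8, 12),
    "aes-cbc/hmac-sha1-96": (16, 16, 12),
}

def max_inner_packet(link_mtu, transform, extra_encap=0):
    """Largest inner IP packet whose ESP-wrapped form fits in link_mtu."""
    iv, block, icv = TRANSFORMS[transform]
    room = link_mtu - extra_encap - IPV4_HDR - ESP_HDR - iv - icv
    room -= room % block          # ciphertext must be a whole number of blocks
    return room - ESP_TRAILER

def max_mss(link_mtu, transform, extra_encap=0):
    """Largest TCP MSS that avoids fragmenting the outer ESP packet."""
    return max_inner_packet(link_mtu, transform, extra_encap) - IPV4_HDR - TCP_HDR

def esp_packet_size(mss, transform, extra_encap=0):
    """Outer IPv4 packet size for a full-sized TCP segment with this MSS."""
    iv, block, icv = TRANSFORMS[transform]
    plaintext = mss + TCP_HDR + IPV4_HDR + ESP_TRAILER
    padded = -(-plaintext // block) * block   # round up to the block size
    return extra_encap + IPV4_HDR + ESP_HDR + iv + padded + icv

if __name__ == "__main__":
    link_mtu = 1500  # assumed link MTU
    for name in TRANSFORMS:
        print(f"{name}: max MSS {max_mss(link_mtu, name)}")
        for mss in (1440, 1310):  # the two max-mss values from the thread
            size = esp_packet_size(mss, name)
            verdict = "fits" if size <= link_mtu else "exceeds MTU"
            print(f"  max-mss {mss}: outer packet {size} bytes ({verdict})")
```

Under these assumed transforms, a full segment at max-mss 1440 produces an outer packet larger than 1500 bytes, while 1310 stays well below it; any further encapsulation on the path (passed as extra_encap) lowers the ceiling again.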