Re: Stalled connections [LONG]
Jason Opperisano wrote on Fri, 01. 10. 2004 at 11:32 -0400:
> On Thu, 2004-09-30 at 04:55, Martin Lexa wrote:
> > # Normalization: reassemble fragments and resolve or reduce traffic
> > # ambiguities.
> > # scrub in all
> > scrub in on $ext_if all no-df
> > scrub out on $ext_if all no-df random-id max-mss 1440
> > scrub in on enc0 all no-df
> > scrub out on enc0 all no-df
> > scrub in on $int_if all no-df
> > scrub out on $int_if all no-df random-id
> have you tried lower max-mss values than 1440? you're cutting it pretty
> close there (1500 - 20 - 40). i know it makes mathematical sense in
> theory; but in reality, i've always had to ratchet my WiFi over IPSec
> traffic down to an MTU of 1350-1370 (MSS of 1310-1330) to eliminate
> just a thought.
Definitely a good one. Thank you.
After one day of uptime the problem returns. Changing the MSS value
to 1310 fixed it. Thank you.
I still have a few questions:
1) Why does a higher MSS value work after a reboot?
2) Should I scrub on enc0 or it is, for example, on wi0 interface
scrub in / out on enc0 ... ?
3) Where should I set the max-mss scrubbing option? For the incoming
direction (scrub in)? For the enc0 interface?
scrub in on $ext_if all no-df
scrub out on $ext_if all no-df random-id max-mss 1310
scrub in on enc0 all no-df
scrub out on enc0 all no-df
scrub in on $int_if all no-df
scrub out on $int_if all no-df random-id
Is this OK, or should I do it on enc0:
scrub in / out on enc0 all no-df max-mss 1310?
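
Added example, not part of the original message or of pf itself: a small calculator for the largest TCP MSS whose ESP tunnel-mode packet still fits the link MTU, checked against the two max-mss values from this thread (1440 and 1310). The cipher profiles, the 1500-byte link MTU and all function names are assumptions chosen for illustration; the thread does not say which transforms were in use.

```python
# Added example: does a given TCP MSS survive ESP tunnel-mode encapsulation
# without fragmenting the outer packet? All profile values are assumptions.
IP_HDR = 20       # IPv4 header, no options
TCP_HDR = 20      # TCP header, no options
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad-length byte + next-header byte
NATT_UDP = 8      # extra UDP header when ESP is wrapped for NAT traversal

# name: (cipher block size, IV length, ICV length), illustrative only
PROFILES = {
    "3des-cbc/hmac-sha1-96": (8, 8, 12),
    "aes-cbc/hmac-sha1-96": (16, 16, 12),
}

def esp_packet_size(inner_len, block, iv, icv, natt=False):
    """Outer packet size for an inner IP packet of inner_len bytes."""
    # Inner packet plus trailer is padded up to a multiple of the block size.
    padded = -(-(inner_len + ESP_TRAILER) // block) * block
    return IP_HDR + (NATT_UDP if natt else 0) + ESP_HDR + iv + padded + icv

def max_inner_mss(link_mtu, block, iv, icv, natt=False):
    """Largest MSS whose encapsulated segment is <= link_mtu."""
    fixed = IP_HDR + (NATT_UDP if natt else 0) + ESP_HDR + iv + icv
    room = (link_mtu - fixed) // block * block   # whole cipher blocks only
    return room - ESP_TRAILER - IP_HDR - TCP_HDR

def fits(mss, link_mtu, block, iv, icv, natt=False):
    """True if a full-sized segment with this MSS fits after encapsulation."""
    inner = mss + IP_HDR + TCP_HDR
    return esp_packet_size(inner, block, iv, icv, natt) <= link_mtu

def report(link_mtu=1500, candidates=(1440, 1310)):
    """Rows of (profile, max MSS, {candidate: fits?}) for the thread's values."""
    rows = []
    for name, (block, iv, icv) in PROFILES.items():
        limit = max_inner_mss(link_mtu, block, iv, icv)
        verdicts = {m: fits(m, link_mtu, block, iv, icv) for m in candidates}
        rows.append((name, limit, verdicts))
    return rows

if __name__ == "__main__":
    for name, limit, verdicts in report():
        print(f"{name}: max MSS {limit}, {verdicts}")
```

Under these assumed profiles a max-mss of 1440 produces outer packets larger than 1500 bytes, while 1310 leaves headroom; a path MTU below 1500 lowers the limit further.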