IPSEC VTI Interface neighbor MTU 1500 is larger then ipsec2000´s MTU 1400

pete35

I have some IPSEC VTI Tunnels up and running, after a restart, one of the vti interfaces comes up with the wrong MTU size settings.

Feb 12 15:55:21 ospfd 77445 Packet[DD]: Neighbor 10.1.44.101 MTU 1500 is larger than [ipsec2000:10.1.99.1]'s MTU 1400

After digging in i saved the settings of the smaller VTI Interface and everythings starts working again.

But: at both sites the MTU is set to 1500 ... so it shouldnt resize it to 1400 at startup ....

jimp

https://redmine.pfsense.org/issues/9111 (Fixed in 2.4.5)

pete35

Thank you, one of the boxes which im waiting for the release.... and dont want to update top early...

jimp

You can install the System Patches package and then create an entry for affe8a552ef1f7b8e59f3b60fd1421aa46f45b03 to apply the fix. It's a fairly small change and should be safe.

pete35

@jimp said in IPSEC VTI Interface neighbor MTU 1500 is larger then ipsec2000´s MTU 1400:

affe8a552ef1f7b8e59f3b60fd1421aa46f45b03

Done. Thank you.