Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSEC problem MSS clamping [Solved]

    Scheduled Pinned Locked Moved IPsec
    4 Posts 2 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      william.salvador
      last edited by

      Hi, the MSS clamping not work in pfsense 2.3.1.  not increment IPsec adress computer in table vpn_networks.

      PFSENSE 2.3.1
      table <vpn_networks>{ 10.120.163.0/24 10.120.167.0/24 10.120.168.0/24 10.120.169.0/24 10.120.170.0/24 }
      scrub from any to <vpn_networks>max-mss 1380

      PFSENSE 2.1.4

      table <vpn_networks>{ 10.64.224.177 10.120.163.0/24 10.120.167.0/24 10.120.168.0/24 10.120.169.0/24 10.120.170.0/24 }
      scrub from any to <vpn_networks>max-mss 1380
      scrub from <vpn_networks>to any max-mss 1380

      My IPSEC IP is 10.64.224.177.

      I have upgrade pfsense to 2.3.1

      How to increment on shell the table vpn_networks adress ip computer ?</vpn_networks></vpn_networks></vpn_networks></vpn_networks></vpn_networks>

      1 Reply Last reply Reply Quote 0
      • W
        william.salvador
        last edited by

        I resolved:
        manually add on the file  /etc/inc/filter.inc

        on line 781 my ip adress:

        $aliases .= "table <vpn_networks>{ 10.64.224.177 $vpns_list }\n";

        And i clicked save buton on Ipsec advanced configuration to validate the configuration

        I ask correction in ipsec for this!</vpn_networks>

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          Where exactly is 10.64.224.177 defined? In an IPsec Phase 2 entry?

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • W
            william.salvador
            last edited by

            @jimp:

            Where exactly is 10.64.224.177 defined? In an IPsec Phase 2 entry?

            Yes phase 2 entry in ipsec.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.