Weird MSS issue



  • Good day,

    I have an ipsec tunnel from PFS to a fortigate.

    I have set the MSS Clamping to 1350. Almost everything works…
    I have an issue contacting the AD server (kerberos) for PCs behind the PFS box. AD is behind the fortigate.

    When I look at the tcpdump, I see

    20:12:33.697414 IP 172.16.35.13.1823 > 192.168.4.10.kerberos-sec: Flags [S], seq 3922905511, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    20:12:33.701060 IP 192.168.4.10.kerberos-sec > 172.16.35.13.1823: Flags [S.], seq 630473787, ack 3922905512, win 8192, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0

    172.16.35.13 is behind PFS..

    Why do I see an MSS of 1460 when I set MSS Clamping to 1350, and why is the MSS 1350 on the next line?

    Thanks

