• Good day,

    I have an ipsec tunnel from PFS to a fortigate.

    I have set the MSS Clamping to 1350. Almost everything work…
    I have issue regarding contacting the AD server (kerberos) for pc behing the PFS box.. AD is behind fortigate..

    When  look the tcpdump.. I see

    20:12:33.697414 IP > Flags ~~, seq 3922905511, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    20:12:33.701060 IP > Flags [S.], seq 630473787, ack 3922905512, win 8192, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 is behind PFS..

    Why I see an MSS of 1460, when I set it up in MSS Clam to 1350 ? and that on the next line, the mss is 1350 ?