Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Weird MSS issue

    IPsec
    1
    1
    560
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      froussy last edited by

      Good day,

      I have an ipsec tunnel from PFS to a fortigate.

      I have set the MSS Clamping to 1350. Almost everything work…
      I have issue regarding contacting the AD server (kerberos) for pc behing the PFS box.. AD is behind fortigate..

      When  look the tcpdump.. I see

      20:12:33.697414 IP 172.16.35.13.1823 > 192.168.4.10.kerberos-sec: Flags ~~, seq 3922905511, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
      20:12:33.701060 IP 192.168.4.10.kerberos-sec > 172.16.35.13.1823: Flags [S.], seq 630473787, ack 3922905512, win 8192, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0

      172.16.35.13 is behind PFS..

      Why I see an MSS of 1460, when I set it up in MSS Clam to 1350 ? and that on the next line, the mss is 1350 ?

      Thanks~~

      1 Reply Last reply Reply Quote 0
      • First post
        Last post