Weird MSS issue

IPsec
Log in to reply
  • F

    Good day,

    I have an ipsec tunnel from PFS to a fortigate.

    I have set the MSS Clamping to 1350. Almost everything work…
    I have issue regarding contacting the AD server (kerberos) for pc behing the PFS box.. AD is behind fortigate..

    When  look the tcpdump.. I see

    20:12:33.697414 IP 172.16.35.13.1823 > 192.168.4.10.kerberos-sec: Flags ~~, seq 3922905511, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    20:12:33.701060 IP 192.168.4.10.kerberos-sec > 172.16.35.13.1823: Flags [S.], seq 630473787, ack 3922905512, win 8192, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0

    172.16.35.13 is behind PFS..

    Why I see an MSS of 1460, when I set it up in MSS Clam to 1350 ? and that on the next line, the mss is 1350 ?

    Thanks~~

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy