Weird MSS issue
I have an IPsec tunnel from PFS to a FortiGate.
I have set the MSS clamping to 1350. Almost everything works…
I have an issue contacting the AD server (Kerberos) for PCs behind the PFS box. AD is behind the FortiGate.
When I look at the tcpdump, I see:
20:12:33.697414 IP 172.16.35.13.1823 > 192.168.4.10.kerberos-sec: Flags [S], seq 3922905511, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
20:12:33.701060 IP 192.168.4.10.kerberos-sec > 172.16.35.13.1823: Flags [S.], seq 630473787, ack 3922905512, win 8192, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0
172.16.35.13 is behind PFS.
Why do I see an MSS of 1460 when I set it to 1350 in MSS clamping, and why is the MSS 1350 on the next line?