MTU size on IPsec tunnel…



  • Have a setup where on the remote endpoints require a max MTU size of 1350 to work properly.

    Been reading up a bit on this and it would seem enabling "MSS clamping on VPN traffic" is the right way to go about this.
    But I cannot figure out if this will have any impact on all the other tunnels that are running through this pfSense box, and whether the setting is replicated through CARP or must be set on all nodes?

    Hope someone can point me in the right direction…

    //Anders


  • Rebel Alliance Developer Netgate

    It would affect all tunnels, and it would not replicate via carp as it's a per-host setting.



  • @jimp:

    It would affect all tunnels, and it would not replicate via carp as it's a per-host setting.

    Got so far as to figure out it was a system-wide setting, but since I'm not that strong on network I'm trying to figure out whether it will have any negative effect on the other tunnels or if alle other VPN endpoints should adjust their MTU size when communicating with the pfSense boxes…


Locked