> On Oct 30, 2020, at 11:44 AM, Brian Brombacher <brian@planetunix.net> wrote:
>
>
>
>>> On Oct 29, 2020, at 11:56 PM, David Diggles <david@elven.com.au> wrote:
>>>
>>> On Mon, Feb 10, 2020 at 05:15:00PM +0000, Peter M??ller wrote:
>>> Hello Lucas,
>>>
>>> as far as I understood, setting MTU on encN interfaces is not supported
>>> since it is not mentioned by enc(4) and setting it manually fails:
>>>
>>>> machine# ifconfig enc0 mtu 1500
>>>> ifconfig: SIOCSIFMTU: Inappropriate ioctl for device
>>>
>>> If you do not want to use GRE tunnels or gif interfaces, I suppose truncating
>>> MSS via pf might be an acceptable but not elegant solution:
>>
>> I have max-mss and reassemble tcp:
>>
>> match in on gre0 scrub (max-mss 1456, reassemble tcp)
>>
>
> How did you calculate the max-mss? It seems too high for a double tunnel setup.
Also, sorry for double post, you need the match rule on enc0 to impact TCP streams going over IPSec to change their mss. I don't have the old emails for this thread, so not sure if IPSec is your outer tunnel or inner here.
>
>> However still experienced about 5% packet loss when i run speedtest.net through
>> the tunnel.
>>
>> In my instance, the solution for eliminating packet loss over the long distance
>> ipsec/gre tunnel was putting in a queue:
>>
>> queue hfsq-gre0 on gre0 flows 1024 bandwidth $BW_LIMIT max $BW_LIMIT quantum 400 qlimit 1000 default
>>
>> .d.d.
>>
No comments:
Post a Comment