mirror of
https://github.com/vyos/vyos-documentation.git
synced 2025-10-26 08:41:46 +01:00
6aa3cbb611
This will add proper new-lines into the rendered PDF. Before if it has been a long line, not all content was preserved in the PDF.
42 lines
1.1 KiB
ReStructuredText
42 lines
1.1 KiB
ReStructuredText
.. _routing-mss-clamp:
|
|
|
|
TCP-MSS Clamping
|
|
----------------
|
|
|
|
As Internet wide PMTU discovery rarely works we sometimes need to clamp our TCP
|
|
MSS value to a specific value. Starting with VyOS 1.2 there is a firewall option
|
|
to clamp your TCP MSS value for IPv4 and IPv6.
|
|
|
|
Clamping can be disabled per interface using the `disable` keyword:
|
|
|
|
.. code-block:: console
|
|
|
|
set firewall options interface pppoe0 disable
|
|
|
|
IPv4
|
|
^^^^
|
|
|
|
Clamp outgoing MSS value in a TCP SYN packet to `1452` for `pppoe0` and `1372`
|
|
for your WireGuard `wg02` tunnel.
|
|
|
|
.. code-block:: console
|
|
|
|
set firewall options interface pppoe0 adjust-mss '1452'
|
|
set firewall options interface wg02 adjust-mss '1372'
|
|
|
|
IPv6
|
|
^^^^^
|
|
|
|
Clamp outgoing MSS value in a TCP SYN packet to `1280` for both `pppoe0` and
|
|
`wg02` interface.
|
|
|
|
To achieve the same for IPv6 please use:
|
|
|
|
.. code-block:: console
|
|
|
|
set firewall options interface pppoe0 adjust-mss6 '1280'
|
|
set firewall options interface wg02 adjust-mss6 '1280'
|
|
|
|
.. note:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in 1452
|
|
bytes on a 1492 byte MTU.
|