From 60b78506e84293640c24ee0ab11d5be163f9c63a Mon Sep 17 00:00:00 2001
From: Samuel Thibault
Date: Sun, 12 Nov 2023 01:27:54 +0100
Subject: [PATCH] Document that MSS clamping needs to be done by Linux
---
etc/startup-config.default | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/etc/startup-config.default b/etc/startup-config.default
index 3b3f223..82bb1c8 100644
--- a/etc/startup-config.default
+++ b/etc/startup-config.default
@@ -149,3 +149,12 @@ set ppp_keepalive yes
 # Kernel acceleration, enable on no more than one instance!
 #set kernel_accel yes
+#
+# You will probably want to also enable MSS clamping, which l2tpns won't be able to do any more:
+# iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+# ip6tables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+# or
+# nft add rule inet filter forward tcp flags syn tcp option maxseg size set rt mtu
+#
+# and allow dhcpv6 traffic:
+# iptables -A INPUT -i ppp+ -p udp --sport 546 --dport 547 -j ACCEPT
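Review bot: The DHCPv6 example on the last added line uses `iptables`, which only filters IPv4, so it cannot match DHCPv6 packets and would instead accept UDP 546 to 547 over IPv4 on every `ppp+` interface. The line should read `# ip6tables -A INPUT -i ppp+ -p udp --sport 546 --dport 547 -j ACCEPT`. The comment could also mention that all of these rules are appended with `-A`, so an earlier DROP or REJECT rule in the same chain still takes precedence. The nft variant presumes that an `inet filter` table with a `forward` chain already exists, which is worth stating next to it.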