Document that MSS clamping needs to be done by Linux

2023-11-12 01:27:54 +01:00 · 2023-11-12 01:27:54 +01:00 · 60b78506e8
commit 60b78506e8
parent 72fca9b8f0
1 changed files with 9 additions and 0 deletions
--- a/etc/startup-config.default
+++ b/etc/startup-config.default
@ -149,3 +149,12 @@ set ppp_keepalive yes

 # Kernel acceleration, enable on no more than one instance!
 #set kernel_accel yes
+#
+# You will probably want to also enable MSS clamping, which l2tpns won't be able to do any more:
+# iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+# ip6tables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+# or
+# nft add rule inet filter forward tcp flags syn tcp option maxseg size set rt mtu
+#
+# and allow dhcpv6 traffic:
+# iptables -A INPUT -i ppp+ -p udp --sport 546 --dport 547 -j ACCEPT