welterde/l2tpns
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Document that MSS clamping needs to be done by Linux

Browse source
This commit is contained in:
Samuel Thibault 2023-11-12 01:27:54 +01:00
parent 72fca9b8f0
commit 60b78506e8
1 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
etc/startup-config.default
View file

@ -149,3 +149,12 @@ set ppp_keepalive yes
# Kernel acceleration, enable on no more than one instance! # Kernel acceleration, enable on no more than one instance!
#set kernel_accel yes #set kernel_accel yes
#
# You will probably want to also enable MSS clamping, which l2tpns won't be able to do any more:
# iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# ip6tables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# or
# nft add rule inet filter forward tcp flags syn tcp option maxseg size set rt mtu
#
# and allow dhcpv6 traffic:
# iptables -A INPUT -i ppp+ -p udp --sport 546 --dport 547 -j ACCEPT