Re: ipsec troubles

On Fri, Oct 15, 2004 at 03:30:13PM -0300, Peter Marshall wrote:
> Thanks for the fast reply ...
> 
> So you are saying I should use a value of 1440 for X ?
> What rule do I apply it to ? (sorry to sound stupid .. brain is fried ..
> have been working on this for a long time).
> 
> Peter

you would add a new rule that matches your outbound VPN
traffic...something along the lines of (this is 2.4 and *swan biased):

  iptables -A FORWARD -i $INSIDE_IF -o $IPSEC_IF -p tcp --syn \
    -j TCPMSS --set-mss 1440

from my own personal experience--i use lower values than 1440, but 1440
is the mathematical maximum you can use...so that's your starting point.

-j

-- 
Jason Opperisano <opie@xxxxxxxxxxx>
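
Added example, not part of the original message: one way to confirm the clamp is taking effect is to capture SYNs on the IPsec side and flag any that still advertise an MSS above the limit. The helper names `check_mss_clamp` and `sample_syns` are hypothetical, and the capture lines are constructed in current tcpdump text format.

```shell
#!/bin/sh
# Verify a TCPMSS clamp from tcpdump text output (added example).
# Live use (assumes $IPSEC_IF is set as in the rule above):
#   tcpdump -nli "$IPSEC_IF" 'tcp[tcpflags] & tcp-syn != 0' | check_mss_clamp 1440

# check_mss_clamp LIMIT: read tcpdump lines on stdin, print every pure SYN
# whose MSS option exceeds LIMIT, return non-zero if any were found.
check_mss_clamp() {
    limit="${1:-1440}"
    awk -v limit="$limit" '
        # The rule uses --syn, which matches SYN without ACK, so only
        # "Flags [S]" lines are checked; SYN-ACK ("[S.]") is skipped.
        /Flags \[S\],/ {
            if (match($0, /mss [0-9]+/)) {
                mss = substr($0, RSTART + 4, RLENGTH - 4) + 0
                if (mss > limit) {
                    printf "MSS %d > %d: %s\n", mss, limit, $0
                    bad++
                }
            }
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample capture (addresses and values are made up):
#   line 1: SYN that was not clamped, line 2: SYN clamped to 1440,
#   line 3: SYN-ACK, line 4: data segment with no MSS option.
sample_syns() {
    cat <<'EOF'
IP 10.0.0.5.40112 > 192.168.50.10.80: Flags [S], seq 1001, win 5840, options [mss 1460,sackOK,nop,wscale 2], length 0
IP 10.0.0.6.40113 > 192.168.50.10.80: Flags [S], seq 2001, win 5840, options [mss 1440,sackOK,nop,wscale 2], length 0
IP 192.168.50.10.80 > 10.0.0.6.40113: Flags [S.], seq 3001, ack 2002, win 5792, options [mss 1460,sackOK,nop,wscale 2], length 0
IP 10.0.0.6.40113 > 192.168.50.10.80: Flags [P.], seq 1:101, ack 1, win 1460, length 100
EOF
}

# Demo run on the constructed capture.
sample_syns | check_mss_clamp 1440 || echo "at least one SYN is above the clamp"
```
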

