Hi Pablo

> Sent: Monday, 03 May 2021 at 00:11
> From: "Pablo Neira Ayuso" <pablo@xxxxxxxxxxxxx>

> You have to add a rule to clamp TCP mss to path MTU.
>
> ... tcp flags syn tcp option maxseg size set rt mtu

Thanks, I will try this as described here (just for reference):

https://wiki.nftables.org/wiki-nftables/index.php/Mangling_packet_headers

My MTU broadcast via dnsmasq does not work for all client devices, but imho this should affect 5.12 and 5.10 without flowtable too (because the limit is the ppp tunnel in the default gateway), right?

So it looks like flowtable in 5.10 breaks the Path Discovery or prevents fragmentation, which should normally happen if packets are too big.

regards Frank