On Mon, May 03, 2021 at 08:56:48PM +0200, Frank Wunderlich wrote:
> Hi Pablo
>
> > Sent: Monday, 03 May 2021 at 00:11
> > From: "Pablo Neira Ayuso" <pablo@xxxxxxxxxxxxx>
>
> > You have to add a rule to clamp TCP mss to path MTU.
> >
> > ... tcp flags syn tcp option maxseg size set rt mtu
>
> Thanks i try this like described here (just for reference):
>
> https://wiki.nftables.org/wiki-nftables/index.php/Mangling_packet_headers

I have updated the wiki: you have to mangle the TCP MSS options of the
original syn and the reply syn+ack packets.

> my MTU broadcast via dnsmasq does not work for all client-devices
>
> but imho this should affect 5.12 and 5.10 without flowtable too
> (because limit is the ppp-tunnel in default Gateway), right?? so it
> looks like flowtable in 5.10 breaks the Path Discovery or prevents
> fragmentation which should normally happen if packets are too big.

Did you try with the rule that mangles both the original syn and the
reply syn+ack packets? Do not restrict mangling to oifname pppoe0.
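
The clamping rule quoted in this thread, laid out as a loadable ruleset with the interface-restricted form shown commented out beside the unrestricted one. This is an added example, not part of the original message or the wiki; the table name, chain name and priority are assumptions.

```nft
# Added example: table/chain names and the priority are assumptions.
table ip filter {
    chain forward {
        type filter hook forward priority 0; policy accept;

        # Restricted form the reply advises against: only traffic leaving
        # through pppoe0 is matched, so packets forwarded the other way
        # keep their MSS option untouched.
        # oifname "pppoe0" tcp flags syn tcp option maxseg size set rt mtu

        # Unrestricted form: no interface match, so the rule is evaluated
        # for forwarded traffic in both directions.
        tcp flags syn tcp option maxseg size set rt mtu
    }
}
```

Saved to a file, the ruleset can be syntax-checked with `nft -c -f <file>` before it is loaded with `nft -f <file>`.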