We have many clients connected by PPPoE to Mikrotik router A. Their traffic goes over a GRE tunnel to Mikrotik router B in a datacentre. To solve the problem of large packet fragmentation over VPN we use the following rule on router A:
/ip firewall mangle
add out-interface=gre-tunnel protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward
My question is, should we use a similar rule on router B? Also uis there any advantage changing PPPoE MTU from default of 1480?
Re: GRE tunnel and MSS question
Some hint:
PPPoE server AND client:
MTU & MRU=1480
MRRU=1600
on profile "Change TCP MSS = yes"
if you use encryption on profile, MTU & MRU = 1480 - 4
Bridge, EoIP and GRE tunnels:
If RouterOS support it, leave all MTU on auto!
If you do all correctly on BOTH side, pppoe tunnel have those characteristics:
MTU = 1596
MRRU = 1600
PPTP server AND client:
MTU & MRU=1450
MRRU=1600
encryption=yes
If you want use also Windows computers, set the MRRU to 1614 (hardcoded on Windows winsock)
PPPoE server AND client:
MTU & MRU=1480
MRRU=1600
on profile "Change TCP MSS = yes"
if you use encryption on profile, MTU & MRU = 1480 - 4
Bridge, EoIP and GRE tunnels:
If RouterOS support it, leave all MTU on auto!
If you do all correctly on BOTH side, pppoe tunnel have those characteristics:
MTU = 1596
MRRU = 1600
PPTP server AND client:
MTU & MRU=1450
MRRU=1600
encryption=yes
If you want use also Windows computers, set the MRRU to 1614 (hardcoded on Windows winsock)
Who is online
Users browsing this forum:Ahrefs [Bot],Semrush [Bot]and 44 guests