Open danielschonfeld opened 3 years ago
I don't know if this is the correct "solution", but following the logic from that article and digging some more, setting the MTU on the ERX #2 ("the server") to 1412, and then using the mss clamping option in firewall options and setting it to 1372, solves the problem for my clients on the ERX #1 network.
I have the following setup with two edgerouters X (basically one uses the other as a VPN to show a different IP location):
Some website's TLS server seems to have a problem where somewhere in the protocol it tries to send an ICMP packet where the do not frag bit is set, resulting in the following:
(This error appears in tcpdump on ERX #2, which is trying to contact the server, in this case hertz.com over HTTPS: curl -L https://hertz.com)
I am trying to figure out how to fix this, or is this a problem with WireGuard on ERX?
For reference, I found this article by a gentleman encountering the same problem, only he isn't using EdgeRouter: https://keremerkan.net/posts/wireguard-mtu-fixes/
Any ideas will be appreciated.
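The two values in the post are related by header arithmetic: 1372 is 1412 minus a 20-byte IPv4 header and a 20-byte TCP header. The sketch below is an added example, not part of the original post or of WireGuard/EdgeOS; it models how a tunnel MTU and MSS clamp are derived and what a router does with an oversized packet, and the 1500 and 1492 byte link MTUs are assumed sample values.

```python
# Added example. Header sizes are protocol constants; link MTUs are assumptions.
IP_HDR = {4: 20, 6: 40}   # IPv4 header without options / fixed IPv6 header
TCP_HDR = 20              # TCP header without options
UDP_HDR = 8
WG_OVERHEAD = 32          # WireGuard data message: 16-byte header + 16-byte auth tag


def tunnel_mtu(link_mtu, outer_ip=4):
    """Largest inner packet that fits in one outer UDP packet on the link."""
    return link_mtu - IP_HDR[outer_ip] - UDP_HDR - WG_OVERHEAD


def mss_for(mtu, inner_ip=4):
    """TCP MSS that keeps a full-sized segment within `mtu`."""
    return mtu - IP_HDR[inner_ip] - TCP_HDR


def forward(tcp_payload, wg_mtu, inner_ip=4, df=True):
    """Model a router's decision for an inner TCP packet routed into the tunnel."""
    size = tcp_payload + TCP_HDR + IP_HDR[inner_ip]
    if size <= wg_mtu:
        return ("forwarded", size)
    if inner_ip == 6:
        # IPv6 routers never fragment: ICMPv6 Packet Too Big (RFC 8201)
        return ("icmpv6-packet-too-big", wg_mtu)
    if df:
        # IPv4 with DF set: ICMP type 3 code 4 carrying the next-hop MTU (RFC 1191)
        return ("icmp-frag-needed", wg_mtu)
    return ("fragmented", wg_mtu)


if __name__ == "__main__":
    # Assumed links: plain Ethernet (1500) and PPPoE (1492), IPv6 outer worst case.
    for link in (1500, 1492):
        mtu = tunnel_mtu(link, outer_ip=6)
        print(link, "-> tunnel MTU", mtu, "MSS", mss_for(mtu))
    # A peer that negotiated MSS 1460 sends a full segment into a 1412-byte tunnel.
    print(forward(1460, 1412))
    # With the clamp from the post, the largest segment fits exactly.
    print(forward(1372, 1412))
```

MSS clamping only rewrites the MSS option in TCP SYNs, so it helps TCP flows; other traffic still depends on the ICMP "fragmentation needed" messages getting through.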