mirror of
https://github.com/opnsense/docs
synced 2024-10-30 21:20:20 +00:00
VPN/IPsec add Miscellaneous section to explain tunables, starting with PMTU/DF bit
This commit is contained in:
parent
1739c6f744
commit
a899fe3000
@ -296,6 +296,19 @@ In which case the following tunables need to be changed:
|
|||||||
* :code:`net.inet.rss.bits` = **X** <-- see :doc:`rss </troubleshooting/performance>` document.
|
* :code:`net.inet.rss.bits` = **X** <-- see :doc:`rss </troubleshooting/performance>` document.
|
||||||
|
|
||||||
|
|
||||||
|
.................................
|
||||||
|
Miscellaneous variables
|
||||||
|
.................................
|
||||||
|
|
||||||
|
Path MTU Discovery
|
||||||
|
--------------------------
|
||||||
|
|
||||||
|
When trying to enforce path mtu discovery (`PMTU <https://en.wikipedia.org/wiki/Path_MTU_Discovery>`__), you need to make
|
||||||
|
sure packets leave the network with the :code:`DF` set. The kernel offers a tunable :code:`net.inet.ipsec.dfbit` which
|
||||||
|
offers 3 options, :code:`0`, clear the bit on packets leaving the firewall (default), :code:`1`, set the DF bit or :code:`2`
|
||||||
|
to copy the bit from the inner header.
|
||||||
|
|
||||||
|
|
||||||
.................................
|
.................................
|
||||||
Diagnostics
|
Diagnostics
|
||||||
.................................
|
.................................
|
||||||
|
Loading…
Reference in New Issue
Block a user