2
0
mirror of https://github.com/opnsense/docs synced 2024-10-30 21:20:20 +00:00

VPN/IPsec add Miscellaneous section to explain tunables, starting with PMTU/DF bit

This commit is contained in:
Ad Schellevis 2023-07-26 16:00:29 +02:00
parent 1739c6f744
commit a899fe3000

View File

@ -296,6 +296,19 @@ In which case the following tunables need to be changed:
* :code:`net.inet.rss.bits` = **X** <-- see :doc:`rss </troubleshooting/performance>` document. * :code:`net.inet.rss.bits` = **X** <-- see :doc:`rss </troubleshooting/performance>` document.
.................................
Miscellaneous variables
.................................
Path MTU Discovery
--------------------------
When trying to enforce path mtu discovery (`PMTU <https://en.wikipedia.org/wiki/Path_MTU_Discovery>`__), you need to make
sure packets leave the network with the :code:`DF` set. The kernel offers a tunable :code:`net.inet.ipsec.dfbit` which
offers 3 options, :code:`0`, clear the bit on packets leaving the firewall (default), :code:`1`, set the DF bit or :code:`2`
to copy the bit from the inner header.
................................. .................................
Diagnostics Diagnostics
................................. .................................