diff options
| author | Robert Göhler <github@ghlr.de> | 2021-01-24 22:14:00 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-01-24 22:14:00 +0100 |
| commit | c25c40dfa96dfeb022b203280c607c1f1835417b (patch) | |
| tree | ed05f81d48c65639e621ee3a067f435cb204ea9e /docs/routing/mss-clamp.rst | |
| parent | ce9f2016218f0c162bd48457a41a18db15e52749 (diff) | |
| download | vyos-documentation-c25c40dfa96dfeb022b203280c607c1f1835417b.tar.gz vyos-documentation-c25c40dfa96dfeb022b203280c607c1f1835417b.zip | |
Migrate new file structure to crux (#435)
* order workflows and add submodule
* rename gitmodules file
* delete docs/.gitignore
* add vyos custom linter
* correct __pycache__ in gitignore
* add test-coverage.py
* move draw.io folder
* arrange changelog, install history and about
* arrange: firewall
* arrange: highavailability
* arrange: loadbalancing
* arrange: nat
* arrange: services
* sort configexamples and configuration interfaces
* wireles: rename wireless
* rearrange: Protocols and Policy
* rearrange: Firewall and Zone Policy
* rearrange: Interfaces
* rearrange: Interfaces
* rearrange: dynamic DNS
* hostinfo: add page to index
* rearrange: appendix
* venv: add Pipfile
* rearrange: contributing
* index: remove debugging
* rearrange: fix all figure and refs
* rearrange: commandtree
* fix: cli, openvpn, install headline level
* protocols: change headline
* firewall: move mss clamping
* ip: separate ipv4 and ipv6
* arp: move to static page
* igmp: rename multicast page
* Update to year 2021
Diffstat (limited to 'docs/routing/mss-clamp.rst')
| -rw-r--r-- | docs/routing/mss-clamp.rst | 64 |
1 files changed, 0 insertions, 64 deletions
diff --git a/docs/routing/mss-clamp.rst b/docs/routing/mss-clamp.rst deleted file mode 100644 index a4edf1c6..00000000 --- a/docs/routing/mss-clamp.rst +++ /dev/null @@ -1,64 +0,0 @@ -.. _routing-mss-clamp: - -TCP-MSS Clamping ----------------- - -As Internet wide PMTU discovery rarely works, we sometimes need to clamp -our TCP MSS value to a specific value. This is a field in the TCP -Options part of a SYN packet. By setting the MSS value, you are telling -the remote side unequivocally 'do not try to send me packets bigger than -this value'. - -Starting with VyOS 1.2 there is a firewall option to clamp your TCP MSS -value for IPv4 and IPv6. - - -.. note:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting - in 1452 bytes on a 1492 byte MTU. - - -IPv4 -^^^^ - -.. cfgcmd:: set firewall options interface <interface> adjust-mss <number-of-bytes> - - Use this command to set the maximum segment size for IPv4 transit - packets on a specific interface (500-1460 bytes). - - -Example -""""""" - -Clamp outgoing MSS value in a TCP SYN packet to `1452` for `pppoe0` and -`1372` -for your WireGuard `wg02` tunnel. - -.. code-block:: none - - set firewall options interface pppoe0 adjust-mss '1452' - set firewall options interface wg02 adjust-mss '1372' - -IPv6 -^^^^^ - -.. cfgcmd:: set firewall options interface <interface> adjust-mss6 <number-of-bytes> - - Use this command to set the maximum segment size for IPv6 transit - packets on a specific interface (1280-1492 bytes). - - -Example -""""""" - -Clamp outgoing MSS value in a TCP SYN packet to `1280` for both `pppoe0` and -`wg02` interface. - -.. code-block:: none - - set firewall options interface pppoe0 adjust-mss6 '1280' - set firewall options interface wg02 adjust-mss6 '1280' - - - -.. hint:: When doing your byte calculations, you might find useful this - `Visual packet size calculator <https://baturin.org/tools/encapcalc/>`_. |