So we've got an issue that's been perplexing us.
We're using a FreeBSD box as a router, with 1 NIC set to a low MTU (VPN reasons) and another NIC set to a normal MTU.
NIC 1 is the route out to the internet + IPSec interface - MTU = 1350
NIC 2 is the route into our network - MTU = 1500
If you send a ping with an overall MTU size greater than 1350 (do-not-frag enabled) to a host on the other side of the VPN, FreeBSD returns a single ICMP Redirect with the correct MTU. This is expected.
However, if you were to then send a ping to any other host on the internet with an MTU greater than 1350 and DNF enabled, FreeBSD doesn't return any ICMP redirects. Meaning Windows can't use PMTU.
Would appreciate any pointers.
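
Added example (not part of the original post): a small decoder for checking, from a packet capture, which ICMP message the router actually sent back for an oversized DF ping in each of the two cases. It distinguishes Fragmentation Needed (type 3, code 4, which carries the next-hop MTU that PMTU discovery relies on, per RFC 1191) from Redirect (type 5, which carries a gateway address). The packets, the `build_icmp` and `classify` helpers and the 192.0.2.x addresses are constructed for illustration.

```python
import socket
import struct


def build_icmp(icmp_type, code, rest, payload=b""):
    """Build a constructed IPv4+ICMP packet (checksums left at zero) as sample input."""
    icmp = struct.pack("!BBH4s", icmp_type, code, 0, rest) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     socket.inet_aton("192.0.2.1"),    # router (constructed)
                     socket.inet_aton("192.0.2.10"))   # client (constructed)
    return ip + icmp


def classify(packet):
    """Return (kind, detail) for a raw IPv4 packet that may carry ICMP."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return ("not-icmp", None)
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if len(packet) < ihl + 8:
        return ("not-icmp", None)
    icmp_type, code = packet[ihl], packet[ihl + 1]
    rest = packet[ihl + 4:ihl + 8]        # second 32-bit word of the ICMP header
    if icmp_type == 3 and code == 4:
        # Destination Unreachable / Fragmentation Needed:
        # the low 16 bits of this word are the next-hop MTU.
        return ("frag-needed", struct.unpack("!HH", rest)[1])
    if icmp_type == 5:
        # Redirect: this word is the gateway address, there is no MTU field.
        return ("redirect", socket.inet_ntoa(rest))
    return ("other", (icmp_type, code))


# Constructed samples: what a router with a 1350-byte egress MTU would send
# for PMTU discovery, next to a redirect pointing at another gateway.
FRAG_NEEDED = build_icmp(3, 4, struct.pack("!HH", 0, 1350))
REDIRECT = build_icmp(5, 1, socket.inet_aton("192.0.2.254"))

if __name__ == "__main__":
    for name, pkt in (("frag-needed sample", FRAG_NEEDED), ("redirect sample", REDIRECT)):
        print(name, "->", classify(pkt))
```

Feeding it the raw IP packets captured on the inside NIC for both the VPN destination and an internet destination shows whether the second case produces no ICMP at all or a different message type.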