extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-07-07 01:51:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Correct mss specification when using ipcomp

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
2019-10-16 11:41:21 -07:00
parent 54c7e1a607
commit 6da498510c
1 changed files with 6 additions and 0 deletions

6
docs/IPSEC-2.6.xml

@ -364,6 +364,12 @@ ACCEPT vpn:134.28.54.2 $FW</programlisting>
<programlisting>#ZONE TYPE OPTIONS IN_OPTIONS OUT_OPTIONS <programlisting>#ZONE TYPE OPTIONS IN_OPTIONS OUT_OPTIONS
vpn ipsec mode=tunnel <emphasis role="bold">mss=1400</emphasis></programlisting> vpn ipsec mode=tunnel <emphasis role="bold">mss=1400</emphasis></programlisting>
<para>Note that if you are using ipcomp, you should omit the mode
specification:</para>
<programlisting>#ZONE TYPE OPTIONS IN_OPTIONS OUT_OPTIONS
vpn ipsec - <emphasis role="bold">mss=1400</emphasis></programlisting>
<para>You should also set FASTACCEPT=No in shorewall.conf to ensure that <para>You should also set FASTACCEPT=No in shorewall.conf to ensure that
both the SYN and SYN,ACK packets have their MSS field adjusted.</para> both the SYN and SYN,ACK packets have their MSS field adjusted.</para>