This post has a very good explanation of the problems I've been having with my IPsec tunnels recently:
MTU woes in IPsec tunnels and how you can fix it
Two things have fixed my stalled transmissions over IPsec tunnels:
- Clamping the MSS of the IPsec connections to 1280
- Setting the sysctl net.ipv4.tcp_mtu_probing=1
As seen in this post, the values of net.ipv4.tcp_mtu_probing are:
- 0 - Disabled
- 1 - Disabled by default, enabled when an ICMP black hole is detected
- 2 - Always enabled, using an initial MSS of tcp_base_mss
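As an added example (not code from the original post), here is a POSIX shell script that applies both fixes on a Linux IPsec gateway: the MSS clamp as an iptables rule restricted to traffic that will be IPsec-encapsulated, and the MTU probing sysctl. It assumes iptables with the TCPMSS target and the policy match, and that the affected TCP flows are forwarded through this host.

```shell
#!/bin/sh
# Added example, not from the original post: apply the two fixes described above on a
# Linux IPsec gateway. Assumes iptables with the TCPMSS target and the policy match.
# Run with APPLY=1 as root to change the system; add DRY_RUN=1 to only print commands.

MSS="${MSS:-1280}"   # value from the post; small enough to survive ESP/UDP overhead

# Execute a command, or print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Clamp the MSS of TCP SYNs that will be IPsec-encapsulated on the way out, so peers
# never send full-size segments the tunnel cannot carry. Uses the mangle table's
# FORWARD chain; add the same rule to OUTPUT if flows originate on the gateway itself.
clamp_mss() {
  rule="-p tcp --tcp-flags SYN,RST SYN -m policy --dir out --pol ipsec -j TCPMSS --set-mss $MSS"
  # -C checks for an existing rule so repeated runs do not duplicate it.
  # shellcheck disable=SC2086
  if [ "${DRY_RUN:-0}" = "1" ] || ! iptables -t mangle -C FORWARD $rule 2>/dev/null; then
    run iptables -t mangle -A FORWARD $rule
  fi
}

# Enable TCP MTU probing (RFC 4821 PLPMTUD) so TCP recovers on its own when the ICMP
# "fragmentation needed" messages that classic path MTU discovery relies on are lost.
enable_mtu_probing() {
  run sysctl -w net.ipv4.tcp_mtu_probing=1
}

# Meaning of each net.ipv4.tcp_mtu_probing value, as listed above.
describe_mtu_probing() {
  case "$1" in
    0) echo "disabled" ;;
    1) echo "disabled by default, enabled when an ICMP black hole is detected" ;;
    2) echo "always enabled, initial MSS taken from tcp_base_mss" ;;
    *) echo "unknown value: $1"; return 1 ;;
  esac
}

if [ "${APPLY:-0}" = "1" ]; then
  clamp_mss
  enable_mtu_probing
  run sysctl -n net.ipv4.tcp_mtu_probing   # expect 1 after the change
fi
```

Note that the sysctl change is not persistent across reboots; put net.ipv4.tcp_mtu_probing=1 in /etc/sysctl.d/ and save the iptables rule with your distribution's mechanism.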