In this article it is told:
If there are more that 10 simultaneous PPP connections planned, it is recommended to turn the change-mss property off, and use one general MSS changing rule in mangle table instead, to reduce CPU utilization.
Could you give examples of how this can be done?
Thank you!
This is the scheme of my network:
network_scheme.jpg
Therefore such rules will be necessary for me?
VPN-client:
/ip firewall mangle add \
out-interface=l2tp-out-vpn \
protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward
VPN-server:
/ip firewall mangle add \
out-interface=l2tp-in-vpn_user_1 \
protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward
/ip firewall mangle add \
out-interface=l2tp-in-vpn_user_2 \
protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward
/ip firewall mangle add \
out-interface=l2tp-in-vpn_user_3 \
protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward
How can the three rules on the server combined into one rule?
What size of a MSS to choose??