GRE Zscaler can't load website

Hello,

I’m trying to set up a GRE VPN to Zscaler from an L009 router.

IPsec → no issue
GRE → I can ping/nslookup the internet, but browsing is totally broken (timed out most of the time, etc.), as if there was an MTU issue/very, very low bandwidth.

I tried to change the MTU, clamp MSS by mangle, enable firewall in the bridge, etc., but nothing works.

Any idea what could be the issue?

Regards

The “clamp-tcp-mss” option requires the MTU to be correct in the first place, otherwise it’s just forcing TCP MSS to be wrong – which is actually a worse problem…

Maybe not the case… But if your WAN has a lower MTU than 1500, then the default GRE MTU needs to be reduced. The default 1476 is based on WAN being 1500, so you can lower 1476 by the same difference as WAN MTU is from 1500 (PPPoE often is 1492, so 8 lower than standard… thus GRE has to be 1468 MTU). And then “clamp-tcp-mss” will work.
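
The MTU arithmetic from the reply above, as an added example that is not part of the original thread and not any poster's code. It assumes IPv4 outer and inner headers without options, goes slightly beyond the reply by allowing the optional GRE key and checksum fields, and all function names are hypothetical.

```python
# Added example (not from the thread): derive the GRE tunnel MTU and the TCP MSS
# that an MSS clamp would produce, then audit a configured tunnel MTU against them.
IPV4_HDR = 20       # IPv4 header without options (assumed for outer and inner)
TCP_HDR = 20        # TCP header without options
GRE_BASE = 4        # GRE header with no optional fields
PPPOE_OVERHEAD = 8  # PPPoE header (6) + PPP protocol field (2)


def gre_mtu(wan_mtu, gre_key=False, gre_checksum=False):
    """Largest inner packet that fits in one outer packet of wan_mtu bytes."""
    gre_hdr = GRE_BASE + (4 if gre_key else 0) + (4 if gre_checksum else 0)
    return wan_mtu - IPV4_HDR - gre_hdr


def tcp_mss(tunnel_mtu):
    """MSS for IPv4 TCP carried inside the tunnel."""
    return tunnel_mtu - IPV4_HDR - TCP_HDR


def audit(wan_mtu, configured_gre_mtu, **gre_opts):
    """Return (status, correct_mtu, mss_from_configured_mtu, oversize_bytes)."""
    correct = gre_mtu(wan_mtu, **gre_opts)
    clamped_mss = tcp_mss(configured_gre_mtu)
    oversize = max(0, configured_gre_mtu - correct)
    if oversize:
        status = "too-large"  # full-size segments exceed the WAN MTU once encapsulated
    elif configured_gre_mtu < correct:
        status = "too-small"  # works, but carries less payload per packet than it could
    else:
        status = "ok"
    return status, correct, clamped_mss, oversize


if __name__ == "__main__":
    # Constructed cases: 1500-byte WAN, PPPoE WAN with the GRE default left in
    # place, and PPPoE WAN with the tunnel MTU lowered by the same 8 bytes.
    for wan, cfg in [(1500, 1476), (1500 - PPPOE_OVERHEAD, 1476), (1492, 1468)]:
        print(wan, cfg, audit(wan, cfg))
```
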

Thank you Amm0,

I’m over a standard DSL ISP, so 1500 MTU. I’ve tried lots of things for MTU but nothing works.
Maybe not an MTU issue but poor performance over GRE for this hardware.
I will need to set up a GRE with my own external server or maybe try a UDP speedtest to see the result.

Regards

L009 doesn’t have IPsec/AES hardware acceleration so encryption happens in software. This means your L009 CPU performance will determine how fast things can go. Check CPU stats when performing tests.