I have a PPPoE dialler on my RouterBOARD; I also have a GRE tunnel which is encrypted with IPsec. After a bit of reading about MTU sizes I have concluded the following.
-8 bytes for PPPoE header
-4 bytes for GRE tunnel
-24 bytes for IPsec encrypting the GRE tunnel
= total MTU 1464
My question is: do I change the MTU on my GRE tunnel, as that’s the interface that the encrypted traffic goes out of, or do I need to change the MTU of my physical port the PPPoE dialler uses to 1464 as well as the GRE tunnel?
I have done a bit of reading and I’m still confused, if somebody would be so kind as to clear this up.
I have just come across another problem, but I managed to solve it through other threads on this forum. I have a PPPoE dialler that fails over to another WAN gateway if it goes down; built over the two WAN gateways are two GRE tunnels. I have a floating static route routing a public block of IPs through both ends of the GRE tunnels; which GRE tunnel is up depends on what WAN interface is up. I have the public IP block on loopback interfaces, and then I NAT two private blocks behind each loopback and send the private traffic to the GRE interfaces, then NAT it behind the public block there. It works, the failover works great. Just as I thought I had cracked it, I noticed I was having issues browsing websites behind one of the NAT networks but not the other. After quizzing this forum I found it might be an MMS issue; I added the following IP firewall rule and out of pure luck it worked, I could browse sites behind both private blocks.
I’m guessing this ties in with what I asked above. I’m still unsure about the MTU sizes on my interfaces and I don’t understand this MMS rule; all I know is it works. Can anyone with experience explain this to us please?