When pinging across an L2TP tunnel w/ IPsec enabled I can send a packet size of 1450 with no fragmentation.
When I try to do a UDP Mikrotik bandwidth test I have to set Tx size to 1400 to get the max speed of 111Mbps. Otherwise, with Tx size at 1450, it only gets 19Mbps.
When using L2TP + IPsec you can’t be sure that the packet is not fragmented, even if you specifically restrict fragmentation of the original packet.
The original packet is first packed into L2TP (which can, by the way, also perform fragmentation and defragmentation, but only if asked to), then it is processed by IPsec, and then the already encrypted packet can be fragmented if needed. On the other end, just the same actions are performed, but in reverse.
This being said, subtract at least another 100 for IPsec overhead: down to 1350.
And possibly even more if you have clients connecting from the cellular network: but that needs to be tested.
I ended up with MTU 1230, because larger packets didn’t make it through the tunnels established by mobile devices via LTE.
Thanks for the detailed explanation and the info regarding your experiences with the cellular networks. It is wild how many variables must be considered with regards to MTUs on tunnels.