Hi
I have an IKEv2 tunnel on my RB1100AHx2. The problem is that the max valid transmit unit of my IKEv2 tunnel is 140 bits less than the MTU of my out interface (I cannot change the server-side configuration). I can handle the forwarded traffic problem with a change-mss rule in mangle or by changing the MTU of the client-side interfaces, but I have a SOCKS5 proxy on my router and I want to send output traffic through the IKEv2 tunnel. It seems most of the large output packets that the SOCKS5 proxy builds (proxies) don't have the SYN flag, and most of them have the ACK flag, so a change-mss rule for output or postrouting traffic didn't fix the problem. Changing the MTU of the client-side interface also does not help, because the router builds (proxies) output packets according to the MTU of the out interface; decreasing the MTU of the out interface also decreases the valid MTU of the IKEv2 tunnel, so there is no point.
To solve the problem, I am currently routing the router's traffic, except the management ports and the IKEv2 address, to an empty bridge whose MTU I changed manually. It works, but I feel it's not the correct solution.
I would be happy if someone could help me find a better solution.
Sorry for bad English
In order to handle the router's own traffic, such as that of the SOCKS5 proxy, the action=change-mss rules must be in the output and input chains of mangle.
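A sketch of the rules described in the reply above, added here as an example and not taken from either poster's configuration. It assumes a 1500-byte out-interface MTU, reads the stated reduction of 140 as bytes, assumes IPv4, and assumes the tunnel traffic matches an IPsec policy; the MSS value and comments are constructed for illustration.

```routeros
# Constructed values: 1500 (assumed out-interface MTU) - 140 (tunnel overhead
# from the question) = 1360 usable; minus 20 (IPv4) and 20 (TCP) = MSS 1320.
/ip firewall mangle

# SYN sent by the router itself (e.g. the SOCKS5 proxy opening the upstream
# connection): lowers the MSS the remote server is told, so the server sends
# segments to the router that fit the tunnel.
add chain=output action=change-mss new-mss=1320 passthrough=yes \
    protocol=tcp tcp-flags=syn tcp-mss=1321-65535 \
    ipsec-policy=out,ipsec \
    comment="clamp MSS on router-originated SYN into IKEv2 tunnel"

# SYN/SYN-ACK arriving for the router itself through the tunnel: lowers the
# MSS the router's own TCP stack sees from the peer, so the large ACK-flagged
# data segments the proxy sends later are built small enough from the start.
add chain=input action=change-mss new-mss=1320 passthrough=yes \
    protocol=tcp tcp-flags=syn tcp-mss=1321-65535 \
    ipsec-policy=in,ipsec \
    comment="clamp MSS on SYN/SYN-ACK received from IKEv2 tunnel"

# Check that both rules are matching: the packet counters should increase
# when the proxy opens a new connection through the tunnel.
print stats where action=change-mss
```

The MSS option only exists in SYN and SYN-ACK segments, which is why both rules match on the SYN flag; the ACK-only data packets are sized by whatever MSS was negotiated at that point.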