Community discussions

 
Mike33
newbie
Topic Author
Posts: 37
Joined: Tue Jun 25, 2013 2:13 am

Changing MSS in VPN

Sat Nov 28, 2015 2:47 am

In this article it is told:
If there are more that 10 simultaneous PPP connections planned, it is recommended to turn the change-mss property off, and use one general MSS changing rule in mangle table instead, to reduce CPU utilization.
Could you give examples of how this can be done?
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1743
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Changing MSS in VPN

Sun Nov 29, 2015 9:28 pm

 
Mike33
newbie
Topic Author
Posts: 37
Joined: Tue Jun 25, 2013 2:13 am

Re: Changing MSS in VPN

Mon Nov 30, 2015 2:10 am

Thank you!

This is the scheme of my network:
network_scheme.jpg
Therefore such rules will be necessary for me?

VPN-client:
/ip firewall mangle add \
  out-interface=l2tp-out-vpn \
  protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward
VPN-server:
/ip firewall mangle add \
  out-interface=l2tp-in-vpn_user_1 \
  protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward
/ip firewall mangle add \
  out-interface=l2tp-in-vpn_user_2 \
  protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward
/ip firewall mangle add \
  out-interface=l2tp-in-vpn_user_3 \
  protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward
How can the three rules on the server combined into one rule?

What size of a MSS to choose??
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: Google [Bot] and 47 guests