Changing MSS in VPN

Posted: Sat Nov 28, 2015 2:47 am
by Mike33
This article says:
If there are more than 10 simultaneous PPP connections planned, it is recommended to turn the change-mss property off, and use one general MSS changing rule in mangle table instead, to reduce CPU utilization.
Could you give examples of how this can be done?

Re: Changing MSS in VPN

Posted: Sun Nov 29, 2015 9:28 pm
by chechito

Re: Changing MSS in VPN

Posted: Mon Nov 30, 2015 2:10 am
by Mike33
Thank you!

This is the scheme of my network:
network_scheme.jpg
So will rules like these be necessary for me?

VPN-client:
/ip firewall mangle add \
  out-interface=l2tp-out-vpn \
  protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward
VPN-server:
/ip firewall mangle add \
  out-interface=l2tp-in-vpn_user_1 \
  protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward
/ip firewall mangle add \
  out-interface=l2tp-in-vpn_user_2 \
  protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward
/ip firewall mangle add \
  out-interface=l2tp-in-vpn_user_3 \
  protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward
How can the three rules on the server be combined into one rule?

What MSS size should I choose?
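
Added example, not part of the original thread and not taken from the article quoted above: one way to replace the three per-user server rules with a single rule, as the quoted recommendation describes. It assumes RouterOS v6 syntax, the `all-ppp` interface matcher, a PPP profile named `default`, and keeps the 1300 value from the post rather than recommending it.

```routeros
# Added example; names marked "assumed" are not from the thread.

# 1. Turn off the per-connection MSS rule that each PPP session adds.
#    "default" is an assumed profile name; use the profile the L2TP users
#    are actually bound to.
/ppp profile set default change-tcp-mss=no

# 2. One static rule for every PPP interface instead of one per user.
#    out-interface=all-ppp matches l2tp-in-vpn_user_1..3 and any later user.
#    tcp-mss=1301-65535 limits the rewrite to SYNs that advertise more than
#    the target, so a smaller MSS is never raised to 1300.
/ip firewall mangle add chain=forward out-interface=all-ppp \
  protocol=tcp tcp-flags=syn tcp-mss=1301-65535 \
  action=change-mss new-mss=1300 \
  comment="clamp MSS on all PPP tunnels"

# Alternative to a fixed value: let the router derive it from the path MTU.
# /ip firewall mangle add chain=forward out-interface=all-ppp \
#   protocol=tcp tcp-flags=syn action=change-mss new-mss=clamp-to-pmtu

# 3. Check that the rule is matching: the packet counter should rise when a
#    client opens a new TCP connection through the tunnel.
/ip firewall mangle print stats
```

The same single rule also works on the VPN client, where `all-ppp` covers `l2tp-out-vpn`.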