Packet loss in IpSec/GRE tunnel

linux ipsec gre

Solution 1:

You forgot about MSS

1 ) You must set mtu on gre tunnel 1400

2 ) For SYN packets set mss at same size mtu 1400

in linux:

iptables -I FORWARD -i tun+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400

Solution 2:

The default table is filter, so when you provide a rule like iptables -A FORWARD ... you just put the rule in filter table. There are also several another tables and table mangle is one of them. As of man iptables: "This table is used for specialized packet alteration."

So, for editing a packages (which is done by -j TCPMSS --set-mss) one should use a mangle table, that is why the rule should be like:

iptables -t mangle -A FORWARD -i tun+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400

Related

Using second eSATA port for second DAS
Why does "apt-get autoremove sendmail" leave dependencies behind?
How is RAID3/4 is implemented for more than 4 drives?
OVH Public Cloud - Adding region to exisiting vRack
How to remove package from rpm database
Provide empty string to Quarkus as the default value for an environment variable
ModuleNotFoundError: No module named 'app.routes'
skip some rows in read.csv in R
Why I am getting an exception in "main" java.lang.ArrayIndexOutOfBoundsException. The error shows that Index -12 out of bounds for length 37 [duplicate]
Python attr.s multiple type validation
Ubuntu Terminal Default Positions
How to create a launcher for for JetBrains Gogland