Change MSS
It is a well known fact that VPN links have smaller packet size due to incapsulation overhead. A large packet with MSS that exceeds the MSS of the VPN link should be fragmented prior to sending it via that kind of connection. However, if the packet has DF flag set, it cannot be fragmented and should be discarded. On links that have broken path MTU discovery (PMTUD) it may lead to a number of problems, including problems with FTP and HTTP data transfer and e-mail services.
In case of link with broken PMTUD, a decrease of the MSS of the packets coming through the VPN link solves the problem. The following example demonstrates how to decrease the MSS value via mangle:
[admin@MikroTik] > /ip firewall mangle add out-interface=pppoe-out action=change-mss \
\.. new-mss=1300 chain=forward
[admin@MikroTik] > /ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward out-interface=pppoe-out action=change-mss new-mss=1300
[admin@MikroTik] >
Problem is, i dont know how to set mangle to change mss with this instructions (found here
http://www.mikrotik.com/docs/ros/2.9/ip/mangle ). On 2.8, there was no problem setting it.
When I try to enter command described above, get this error
[admin@netalfa] > ip firewall mangle add out-interface=Panline action=change-mss \
\... new-mss=1448 chain=forward
tcp mss change works only on tcp syn packets
Thanks for your help.
