This appears to be fixed in 1.2.4 EPA1.
Nov 26 2019
Jul 12 2019
@bmtauer is this still a problem for you?
May 2 2019
Feb 14 2019
The last rolling worked great. Saw the module was loaded on boot and MSS was clamped correctly.
Feb 13 2019
I'll test the next rolling asap and report back.
Yes! That's what i need.
In my script above i had to put modprobe br_netfilter so it loads on system boot.
modprobe br_netfilter iptables -t mangle -I POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400
If we could have br_netfilter loaded on boot in the image that would be great and would fix this problem.
Sorry i'm not sure we're on the same page.
@c-po thanks for mentioning the PPPoE connection, really got me thinking about the word POSTROUTING!
The solution is this -
Your second command does kot specify any output interface whereas the first command speciefies tun0. Especially on ESXi you see almost no difference compared ro a vietual Box.
I myself run 1.2.0 in both a Physical and ESXi instance on PPPoE and use the clamping commands successfully on both nodes
Feb 12 2019
Jan 11 2019
Since the vyos-build readme was updated, i was able to update and test the change I requested above.
It fixes the issue presented above.
Nov 30 2018
Oct 17 2018
Any further action on this?
I can't find any public images and this thread is a bit lacking in information.
@mario is your ike-lifetime correct? That looks really short for an aws tunnel.
Otherwise yeah, I'd try with 1.2.
May 25 2018
Feb 11 2018
Feb 6 2018
Feb 4 2018
So just to be clear,
Feb 1 2018
Sorry for the late response on this.
Why is this tagged under 1.2.x? You stated you're on version 1.1.8.