Hi, wondering if policy based VPNs usually have a set MTU on outgoing VPN packets (afaik interface-based VPNs do as you can check the vpn interface MTU).
And secondly, thinking about how MSS gets negotiated if the device creating the policy based VPN also is hosting TCP-based services or initiating them over the VPN. Just hit me that if policy based VPNs don't have a set MTU for outgoing VPN packets, how can they reliably set an MSS value that works? Maybe they do have some max crypto overhead MTU setting for MSS negotiations? I tried googling for this but haven't had much good hits regarding this.
No comments:
Post a Comment