Disable Path MTU discovery

This seems to be a failed concept and causes issues with transferring
large packets through an IPsec tunnel connection.

This configures the kernel to still respond to PMTU ICMP discovery
messages, but will not try this on its own.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index ad562404fb5f92857f8b4186cff40da57d28811c..f3897c3c79d12b536e5418967ca0b4fdadd539f5 100644 (file)
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -1,6 +1,9 @@
 net.ipv4.ip_forward = 1
 net.ipv4.ip_dynaddr = 1
 
+# Disable Path MTU Discovery
+net.ipv4.ip_no_pmtu_disc = 1
+
 net.ipv4.icmp_echo_ignore_broadcasts = 1
 net.ipv4.icmp_ignore_bogus_error_responses = 1
 net.ipv4.icmp_ratelimit = 1000

diff --git a/config/rootfiles/core/120/filelists/files b/config/rootfiles/core/120/filelists/files
index 5b1359ac3f3f8c240de2416156fffc6235947d31..3df11480060b5364b170597bf5214ed96fb62bde 100644 (file)
--- a/config/rootfiles/core/120/filelists/files
+++ b/config/rootfiles/core/120/filelists/files
@@ -1,5 +1,6 @@
 etc/system-release
 etc/issue
+etc/sysctl.conf
 etc/fcron.daily/openvpn-crl-updater
 etc/rc.d/init.d/dhcp
 srv/web/ipfire/cgi-bin/ovpnmain.cgi