From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 26 Feb 2018 15:37:49 +0000 (+0000)
Subject: Disable Path MTU discovery
X-Git-Tag: v2.19-core120~68
X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=1c0cfaa5949e4303e8e4e2f041af86a812f3fe6c

Disable Path MTU discovery

This seems to be a failed concept and causes issues with transferring
large packets through an IPsec tunnel connection.

This configures the kernel to still respond to PMTU ICMP discovery
messages, but will not try this on its own.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index ad562404fb..f3897c3c79 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -1,6 +1,9 @@
 net.ipv4.ip_forward = 1
 net.ipv4.ip_dynaddr = 1
 
+# Disable Path MTU Discovery
+net.ipv4.ip_no_pmtu_disc = 1
+
 net.ipv4.icmp_echo_ignore_broadcasts = 1
 net.ipv4.icmp_ignore_bogus_error_responses = 1
 net.ipv4.icmp_ratelimit = 1000
diff --git a/config/rootfiles/core/120/filelists/files b/config/rootfiles/core/120/filelists/files
index 5b1359ac3f..3df1148006 100644
--- a/config/rootfiles/core/120/filelists/files
+++ b/config/rootfiles/core/120/filelists/files
@@ -1,5 +1,6 @@
 etc/system-release
 etc/issue
+etc/sysctl.conf
 etc/fcron.daily/openvpn-crl-updater
 etc/rc.d/init.d/dhcp
 srv/web/ipfire/cgi-bin/ovpnmain.cgi