Honza
Explorer

Remote access VPN WSL2 packet fragmentation

Hello guys,

we are facing an issue with remote access VPN and WSL2. The problem is in packet fragmentation. When a TCP packet originates directly from the Windows system, it has the correct maximum segment size (MSS) value (1310). But when the packet originates from WSL2, it has MSS 1460. The packet fragmentation does not work and, for example, a TLS session will fail.


We are fixing it with this workaround script in WSL.

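#!/bin/bash
# Advertised MSS to set on the default route (the value seen on packets from the Windows host)
ADVMSS=1310

# Capture the current default route, e.g. "default via <gateway> dev eth0 ..."
DEFAULT_ROUTE=$(ip route | grep "default")
# Re-create the route with advmss so that outgoing SYNs advertise the reduced MSS
# ($DEFAULT_ROUTE is left unquoted on purpose: ip needs it split into words)
ip route del $DEFAULT_ROUTE
ip route add $DEFAULT_ROUTE advmss $ADVMSS

# Verify that the routing table now shows the expected advmss
if ip route | grep -q "advmss $ADVMSS"; then
    echo "MSS is ok"
else
    echo "MSS is not ok"
fi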


Is anyone having the same issue? What is your solution?

 

0 Kudos
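
A stricter form of the verification step in the workaround script above, as an added example that is not part of the original post: it looks only at default routes and compares the advmss value numerically instead of substring-matching the whole routing table. The helper name `check_default_advmss` and the sample routes (addresses included) are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post). Reads `ip route` output on
# stdin and succeeds only if every default route has advmss <= LIMIT.
# check_default_advmss is a hypothetical helper name.
check_default_advmss() {
    local limit="$1" line mss seen=0 rc=0
    while IFS= read -r line; do
        case $line in
            default|default\ *) ;;   # only default routes matter here
            *) continue ;;
        esac
        seen=1
        # Take the token that follows the whole word "advmss", so that
        # "advmss 13100" is not accepted as a match for 1310.
        mss=$(printf '%s\n' "$line" | awk '{
            for (i = 1; i < NF; i++)
                if ($i == "advmss") { print $(i + 1); exit }
        }')
        if [ -z "$mss" ]; then
            echo "FAIL (no advmss): $line"; rc=1
        elif ! [ "$mss" -le "$limit" ] 2>/dev/null; then
            echo "FAIL (advmss $mss exceeds $limit): $line"; rc=1
        else
            echo "OK (advmss $mss): $line"
        fi
    done
    [ "$seen" -eq 1 ] || { echo "FAIL: no default route found"; rc=1; }
    return "$rc"
}

# Constructed sample `ip route` outputs; all addresses are made up.
SAMPLE_FIXED='default via 172.29.96.1 dev eth0 proto kernel advmss 1310
172.29.96.0/20 dev eth0 proto kernel scope link src 172.29.100.5'
SAMPLE_UNFIXED='default via 172.29.96.1 dev eth0 proto kernel
172.29.96.0/20 dev eth0 proto kernel scope link src 172.29.100.5'
# A plain grep for "advmss 1310" would pass here, although the default
# route itself still advertises the interface default.
SAMPLE_MISLEADING='default via 172.29.96.1 dev eth0 proto kernel
10.0.0.0/8 via 172.29.96.1 dev eth0 advmss 1310'

for s in "$SAMPLE_FIXED" "$SAMPLE_UNFIXED" "$SAMPLE_MISLEADING"; do
    printf '%s\n' "$s" | check_default_advmss 1310 || true
done
# On a live WSL2 system: ip route | check_default_advmss 1310
```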
2 Replies
_Val_
Admin

Encrypted packets can hold less data because of the encryption, hence the MTU of the packets sent to the VPN tunnel should be reduced to avoid fragmenting. You can find more details in sk98074. It is for S2S, but should be relevant for RAS as well, as far as I know.

Limiting MTU on the network side is a solid approach.

0 Kudos
Honza
Explorer

I see. But I would expect the VPN client to mangle the TCP MSS value to the correct value.

0 Kudos