I have a branch router in a different country with IPSEC VPN tunnels set. Recently there are intermittent latency issues due to Network Congession experienced by the ISP in the remote country.
My st0 is set with default MTU size. Would I see any improvement if I change MTU size to 1500 for the st0 interface only for the remote router? Do I need to change TCP MTU size too?
what you can try is setting the tcp-mss on the vpn to somthing like 1350.
firstname.lastname@example.org # set security flow tcp-mss ipsec-vpn mss 1350
You can also try sending over packets with a max size of 1500 over the vpn and lower the value until you reach the size that will "pass" the vpn. You can use the max packet size then to set that as the max for the ipsec-vpn mss
email@example.com> ping <ip on otherside of the vpn> size 1500
firstname.lastname@example.org> ping <ip on otherside of the vpn> size 1420
Thanks. I ended up not changing my MTU as the overseas service provider resolved the issue for me. Sorry for late post.
What was the resolution for this? How did they fix your issue?