IP MTU on gif and gre interfaces (with and without IPSec encryption)
Victor Sudakov
vas at sibptus.ru
Mon Mar 23 07:17:17 UTC 2020
Victor Sudakov wrote:
>
> If the MTU on the external Ethernet interface is 1500, it should be safe
> to configure the gif(4) interfaces with mtu=1480 and gre(4)
> interfaces with mtu=1476, correct?
>
> I've noticed that a newly created gre0 interface has the expected "mtu 1476"
> value, but a newly created gif0 interface has "mtu 1280", why would the
> default be so low?
>
> A second question. If the gif and gre tunnels will be wrapped in
> IPSec transport mode, does it make sense to set the MTU on the
> corresponding gif and gre interfaces to some lower value?
And to make the matter even more mysterious, if_ipsec(4) which is
essentially the same as gif, is created by default with mtu=1400 for
some reason.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20200323/5ad05971/attachment.sig>
More information about the freebsd-net
mailing list