Differences

This shows you the differences between two versions of the page.

--- documentation:examples:gre_ipsec_and_openvpn [2020/09/14 21:57] – [Router 4] olivier
+++ documentation:examples:gre_ipsec_and_openvpn [2022/07/08 11:59] – [Tunnel with IKEv2 (strongswan)] olivier
@@ Line 250: / Line 250: @@
 service routing restart
 config save
+</code>
+Take care of avoiding fragmentation, TCP-MSS should be reduced on a gif using inet6, like with this pf.conf example:
+<code>
+set skip on lo0
+scrub on gif1 inet all max-mss 1200
+scrub on gif1 inet6 all max-mss 1180
+pass
 </code>
 ==== Router 4 ====
@@ Line 689: / Line 697: @@
 <code>
-cat > /usr/local/etc/ipsec.conf <<'EOF'
+cat > /usr/local/etc/ipsec.conf <<EOF
 config setup
@@ Line 707: / Line 715: @@
     rightid=VM4
     auto=start
-'EOF'
+EOF
 </code>
@@ Line 713: / Line 721: @@
 <code>
-cat > /usr/local/etc/ipsec.secrets <<'EOF'
+cat > /usr/local/etc/ipsec.secrets <<EOF
 VM4 VM2 : PSK "This is a strong password"
-'EOF'
+EOF
 </code>
@@ Line 721: / Line 729: @@
 <code>
-sysrc strongswan_enable=YES
+service strongswan enable
 service strongswan restart
 </code>
@@ Line 735: / Line 743: @@
 <code>
-cat > /usr/local/etc/ipsec.conf <<'EOF'
+cat > /usr/local/etc/ipsec.conf <<EOF
 config setup
@@ Line 752: / Line 760: @@
     rightid=VM2
     auto=route
-'EOF'
+EOF
 </code>
@@ Line 758: / Line 766: @@
 <code>
-cat > /usr/local/etc/ipsec.secrets <<'EOF'
+cat > /usr/local/etc/ipsec.secrets <<EOF
 VM4 VM2 : PSK "This is a strong password"
-'EOF'
+EOF
 </code>
@@ Line 766: / Line 774: @@
 <code>
-sysrc strongswan_enable=YES
+service strongswan enable
 service strongswan restart
 </code>