IPsec VPN connections require matching MTU

After spending a long time trying to work out why some pings were randomly dropped between hosts on different segments of a virtual LAN connected by a transparent IPsec VPN tunnel, I discovered that the MTU for the underlying connection on both ends of the VPN should be set the same. The default for ADSL is usually 1492, whereas 1500 is frequently used for other connection types such as cable or fibre. When I changed the settings at both ends to 1442 (allowing some overhead for IPsec) then the random ping loss stopped.

Add new comment