Jump to: navigation, search


586 bytes added, 15:24, 23 January 2013
tcpfix / MSS clamp functionality
You can check connectivity with a cron job, and add a stanza to /etc/network/interfaces to connect at boot.
=== Extra configuration ===
You will find at this point that most web sites work, but some few don't - they just freeze on loading or during initial SSL negotiation. This is because they are blocking ICMP, which is ''stupid'' - in part because they are then unable to indicate or respond to the need to fragment large packets. You can get round it by limiting the maximum packet size for TCP: set TCPfix on your clueless control panel, or on the router:
iptables -t mangle -F FORWARD
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452
== IPv6 ==

Navigation menu