Description
We have a setup of an on-prem network with a Linux NetBird route agent.
On a remote cloud private network, I installed a Linux instance with the NetBird agent to act as a route agent.
When we try to access a Cisco CIMC from one instance in the cloud to the CIMC in the on-prem network, HTTPS works only every few minutes.
Using Wireshark and tcpdump, it seems that the source cloud machine sends the packet at 1440 MTU but the tunnel between the NetBird agents is on 1280 MTU.
When the source sends the first HTTPS request, we see this:
ens4 In IP 10.44.10.250.44406 > 10.9.5.128.443: Flags [S], seq 1724526072, win 42600, options [mss 1420,sackOK,TS val 648386237 ecr 0,nop,wscale 7], length 0
The MSS is 1420, which doesn't go through.
When I added this line to the NetBird route agent on the cloud side:
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1240
It worked just fine, but I will need to re-run this each time the server restarts or NetBird reconnects.
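
An added example, not part of the original report and not NetBird's own code: a small script that derives the clamp value from the tunnel MTU (1280 - 20 bytes IPv4 header - 20 bytes TCP header = 1240) and applies the same mangle rule idempotently, so it can be re-run safely after a restart or reconnect. The function names and the `IPTABLES` override variable are hypothetical; IPv4 without IP options is assumed.

```shell
#!/bin/sh
# Added example (not from the original report): idempotent TCP MSS clamp.
# Assumptions: IPv4 only, no IP options; helper names are hypothetical.

# Overridable so the script can be dry-run, e.g. IPTABLES=echo
IPTABLES="${IPTABLES:-iptables}"

# Largest TCP payload that fits in one packet of the given MTU:
# MTU minus 20 bytes of IPv4 header and 20 bytes of TCP header.
mss_for_mtu() {
    mtu="$1"
    case "$mtu" in
        ''|*[!0-9]*) return 1 ;;      # reject empty or non-numeric input
    esac
    [ "$mtu" -gt 40 ] || return 1     # must leave room for the headers
    echo $((mtu - 40))
}

# Add the clamp rule only if an identical rule is not already present,
# so repeated runs do not stack duplicate rules in the chain.
ensure_mss_clamp() {
    mss="$1"
    # Same match and target as the rule quoted in the report.
    set -- POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss "$mss"
    if "$IPTABLES" -t mangle -C "$@" 2>/dev/null; then
        return 0                      # rule already installed
    fi
    "$IPTABLES" -t mangle -A "$@"
}

# Usage: script apply [tunnel-mtu]   (default 1280, the tunnel MTU in the report)
if [ "${1:-}" = "apply" ]; then
    mss=$(mss_for_mtu "${2:-1280}") || { echo "invalid MTU" >&2; exit 2; }
    ensure_mss_clamp "$mss"
fi
```

Run as root with `apply` from whatever boot or reconnect hook the host provides; `iptables -t mangle -S POSTROUTING` shows whether the rule is in place.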