LinuxQuestions.org - MTU reconfiguration on a bridge setup, bridging IPSEC in a tagged VLAN

- Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)

- - MTU reconfiguration on a bridge setup, bridging IPSEC in a tagged VLAN (https://www.linuxquestions.org/questions/linux-networking-3/mtu-reconfiguration-on-a-bridge-setup-bridging-ipsec-in-a-tagged-vlan-790841/)

MTU reconfiguration on a bridge setup, bridging IPSEC in a tagged VLAN

Hi everybody,

I have problems with MTUs. Only VPN/ESP) packets are dropped in by configuration. I suspect the problem is about MTUs.

My configuration:

Eth2, noIP setting, MTU 1500, UP
Eth2, noIP setting, MTU 1500, UP
Br0, bridged bw eth2 and eth3, MTU 1500, UP,

Br0 is bridging internal network which consists of tagged VLANs. One of the VLAN customer is using IPSEC VPN between him and some internet point. So, my bridge will pass ESP which is in a 8021q VLAN through the bridge.

What should be the correct MTU configurations? Should I decrease or increase the MTU, how many, Why?

1500 is normal size for ethernet.
But when you use VPN, you are encapsulating VPN in TCP/IP packets.
To find the problem, you have to analyze what kind of packets was dropped and where.