From 1c0cfaa5949e4303e8e4e2f041af86a812f3fe6c Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 26 Feb 2018 15:37:49 +0000
Subject: [PATCH] Disable Path MTU discovery

This seems to be a failed concept and causes issues with transferring
large packets through an IPsec tunnel connection.

This configures the kernel to still respond to PMTU ICMP discovery
messages, but will not try this on its own.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/etc/sysctl.conf                    | 3 +++
 config/rootfiles/core/120/filelists/files | 1 +
 2 files changed, 4 insertions(+)

diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index ad562404f..f3897c3c7 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -1,6 +1,9 @@
 net.ipv4.ip_forward = 1
 net.ipv4.ip_dynaddr = 1
 
+# Disable Path MTU Discovery
+net.ipv4.ip_no_pmtu_disc = 1
+
 net.ipv4.icmp_echo_ignore_broadcasts = 1
 net.ipv4.icmp_ignore_bogus_error_responses = 1
 net.ipv4.icmp_ratelimit = 1000
diff --git a/config/rootfiles/core/120/filelists/files b/config/rootfiles/core/120/filelists/files
index 5b1359ac3..3df114800 100644
--- a/config/rootfiles/core/120/filelists/files
+++ b/config/rootfiles/core/120/filelists/files
@@ -1,5 +1,6 @@
 etc/system-release
 etc/issue
+etc/sysctl.conf
 etc/fcron.daily/openvpn-crl-updater
 etc/rc.d/init.d/dhcp
 srv/web/ipfire/cgi-bin/ovpnmain.cgi