Having some trouble with dropped packets over a PepVPN between a Balance 20X and a Balance SDX.
I am noticing that when I do an MTU test (pinging at different packet sizes) over the VPN I simply get dropped packets rather than a warning that says that the packet can’t go through.
Both routers are able to successfully get to the Internet through WAN with an MTU of 1500.
I know there is additional overhead with VPN due to encapsulation, but I am not familiar with how much overhead the PepVPN adds.
When attempting to send a 1344 byte packet it goes through and responds on the VPN, but a 1355 byte packet does not. (see pings at end of post)
Is there a way for the system to notify that this size packet is too large to be used or does that not occur because of fragmentation due to the VPN?
Or does it seem that the WAN MTU needs to be lowered to accommodate?

ping 192.168.2.2 -f -l 1317
Pinging 192.168.2.2 with 1317 bytes of data:
Request timed out.

ping 192.168.2.2 -f -l 1316
Pinging 192.168.2.2 with 1316 bytes of data:
Reply from 192.168.2.2: bytes=1316 time=32ms TTL=126

ping 192.168.2.2 -f -l 1473
Pinging 192.168.2.2 with 1473 bytes of data:
Packet needs to be fragmented but DF set.