Difference between gateway PMTU and tunnel MTU for a BOVPN Virtual Interface?
Hi,
I had a problem with dropped packages on a BOVPN configured with a Virtual Interface, I fixed it by lowering the tunnel MTU for the VPN to the right value.
I later found that in the Virtual Interface configuration, in the gateway advances settings there is a field to setup a PMTU and I am now wondering what is the difference and which one is the better option.
Is it that PMTU allows you to have a different MTU per gateway vs for the whole tunnel? and if you only have one gateway, is there any preference on where to set this up?
I ask specifically because given that I'm running 12.5.3 I had to set the tunnel MTU using the CLI so I guess that setting change is not saved as part of the configuration file which may cause trouble later if I for example upgrade the hardware and forget to set this manually again...
Comments
The MTU setting in the CLI is a hard setting -- that limits the tunnel to that size.
PMTU behaves differently, and only does this when it sees fragment traffic returned to it. You can see more about it here:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/networksetup/pmtu_setting_c.html
-James Carson
WatchGuard Customer Support
Ah!, I see. I didn't notice that the setting said "Minimum" and wrongly assumed it was a way to setup MTU per gateway.
That is a cool feature then and it means what I did to lower the MTU for my tunnel is the right way to do it...
Thanks!