The MTU (Maximum Transmit Unit) setting on a router sets the maximum packet size for WAN communication. This MTU setting can be adjusted for each WAN interface.

Larger MTU settings provides greater efficiency in data transmission since each packet carries more data. However, if data packets are too large, they may become fragmented resulting in lower transmission speeds or unpredictable results. Optimizing the MTU value on the router’s WAN interface will help to improve communication performance and avoid such issues.

With VPN tunnels, a mismatch of the MTU sizes between the transmitter and receiver can result in similar problems being encountered.

Another term used is MSS (Maximum Segment Size) which is also used to indicate the largest size of data that TCP will send in a single IP packet. A TCP/IP header is 40 bytes, and the MSS should be at least 40 bytes lower than the peers’ MTUs.

An example of one type of problem that can occur due to a mismatch of MSS is described below. Using a telnet command is used to reduce the MSS to solve a transmission issue.

In this example, a network administrator is unable to bring up the Vigor2133 router web management page when trying to remotely access the router over a dialup PPTP VPN connection. A blank page is displayed.

 

 

The solution found was to reduce the VPN MSS size to 1300

step 1: Telnet to the router and run the following command:

                  vpn mss set 1 1300

Step 2: To check the final setting you can issue this command

vpn mss show                     it will display the actual values of mss

 

Step 3:  Once the remote dial in vpn is set . Type the WEB IP address eg 192.168.225.1  – It should  work now.

 

 

The detailed explanation of the telnet command is as follows:

vpn mss set <connection type> <TCP maximum segment size range>

Connection Types= 1->PPTP; 2->L2TP; 3->IPsec; 4->L2TP over IPsec; 5->GRE over IPsec; 6->SSL Tunnel

TCP maximum segment size range
PPTP : 1 ~ 1412
L2TP : 1 ~ 1408
IPsec : 1 ~ 1381
L2TP over IPsec : 1 ~ 1361
GRE over IPsec : 1 ~ 1365
SSL Tunnel : 1 ~ 1360