Customer needed a VPN configuration between 2 AR157W routers, in order to permit 2 IPBX devices connected to the routers to communicate between them.
As the first step, we reproduced customer's configuration in our laboratory and provided a valid configuration for a GRE tunnel between the routers, as the client was using OSPF as the routing protocol. After this configuration was implemented, the communication between customer's routers and the IPBX-es connected to them didn't work.
As the second step, we identified that the problem was that during communication, there were some fragments dropped. By doing packet capture, we found out that the communication uses TCP as the transport layer protocol to get the configuration from the peer router, but some packets lengths were larger than 1500 bytes and a there were also a few re-transmissions taking place.
If the size of an IP packet sent by the peer device exceeds the MTU (default MTU value is 1500 bytes), the IP packet is fragmented. To ensure that the packet transmission is not affected, the MSS value plus the header lengths (such as the TCP header and IP header) must not exceed the MTU value. In order to ensure that packets are not fragmented the recommended MSS value would be 1200 bytes.
Therefore, we suggested the implementation of the command: "TCP adjust-mss 1200 on tunnel0/0/0" on both routers.
Fragments are dropped during communication.
Use the command, on both routers : "TCP adjust-mss 1200 on tunnel0/0/0", to ensure that the MSS value plus the header lengths does not exceed the MTU value.