On 2022-11-29 07:19, Erwin Van de Velde wrote:
Normally you would see ICMP "message too big" errors on the network. Sometimes those ICMP messages get blocked on a firewall and fail to reach their destination. Make sure that RELATED connections are allowed by any stateful firewalls in the network.
I know TCP MSS can be set per route, but I usually stick to TCP MSS clamping via netfilter. https://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.cookbook.mtu-mss.html gives a good example, but use POSTROUTING instead of FORWARDING when using those rules on the endpoints. If all else fails, the --set-mss option can be used to test even lower values and stick a hard-coded value on it to validate your assumptions.
She's trying to mix different size MTUs with 9000 on her main LAN to the server, but 1500 for IoT. Mixing MTUs will likely cause problems.
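
The endpoint clamping rules discussed in this thread, sketched as an added example (not code from either poster). It only prints the iptables/ip6tables commands so they can be reviewed before being applied; the interface name `eth0` and the helper names `mss_for_mtu` and `clamp_rule` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build TCP MSS clamp rules for an endpoint (mangle/POSTROUTING).
# Commands are printed, not executed, so this runs without root.

# MSS = MTU - IP header - TCP header (no options).
# IPv4 header 20 bytes, IPv6 header 40 bytes, TCP header 20 bytes.
mss_for_mtu() {
    mtu=$1; family=${2:-4}
    case $mtu in
        ''|*[!0-9]*) echo "MTU must be a positive integer" >&2; return 2 ;;
    esac
    case $family in
        4) overhead=40; min=68 ;;     # smallest legal IPv4 MTU
        6) overhead=60; min=1280 ;;   # smallest legal IPv6 MTU
        *) echo "family must be 4 or 6" >&2; return 2 ;;
    esac
    if [ "$mtu" -lt "$min" ]; then
        echo "MTU $mtu is below the IPv$family minimum of $min" >&2
        return 2
    fi
    echo $((mtu - overhead))
}

# clamp_rule DEV pmtu            -> follow the path MTU the kernel knows about
# clamp_rule DEV fixed MTU [4|6] -> hard-coded --set-mss for testing lower values
clamp_rule() {
    dev=$1; mode=$2; mtu=$3; family=${4:-4}
    if [ "$family" = 6 ]; then cmd=ip6tables; else cmd=iptables; fi
    # Only SYN packets carry the MSS option, so match those alone.
    base="$cmd -t mangle -A POSTROUTING -o $dev -p tcp --tcp-flags SYN,RST SYN -j TCPMSS"
    case $mode in
        pmtu)  echo "$base --clamp-mss-to-pmtu" ;;
        fixed) mss=$(mss_for_mtu "$mtu" "$family") || return 2
               echo "$base --set-mss $mss" ;;
        *)     echo "mode must be pmtu or fixed" >&2; return 2 ;;
    esac
}

# Constructed scenario from the thread: jumbo-frame host (MTU 9000) talking
# to devices behind a 1500-byte segment. eth0 is an assumed interface name.
clamp_rule eth0 pmtu
clamp_rule eth0 fixed 1500      # IPv4: --set-mss 1460
clamp_rule eth0 fixed 1500 6    # IPv6: --set-mss 1440
```
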