When creating a policy route(6), you can't apply it to dynamic interfaces such as pppoe* or l2tp*. This is needed, for example, to set TCP MSS on dynamic interfaces.
The problem arises when two pppoe or l2tp subscribers talk to each other: we need to clamp TCP MSS, but there is no way to configure this.
My current workaround looks like this:
First we need to create a policy route so that the chain VYOS_PBR_POSTROUTING within the "ip mangle" table gets created:
config
set policy route l2tp-tcp-mss rule 100 protocol 'tcp'
set policy route l2tp-tcp-mss rule 100 set tcp-mss '1300'
set policy route l2tp-tcp-mss rule 100 tcp flags syn
commit
save
exit
Then we add the TCP MSS change inside that chain by hand:
sudo nft add rule ip mangle VYOS_PBR_POSTROUTING 'oifname "l2tp*" tcp flags & syn == syn counter tcp option maxseg size set 1300'
There is a need for an option to set an interface wildcard (mask) for policy route:
set interfaces pppoe pppoe* policy route <policy name>
set interfaces ipoe ipoe* policy route <policy name>
set interfaces l2tp l2tp* policy route <policy name>
Thank you,
Alexander
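As an added example (not from the original post and not VyOS's own generated ruleset), the same clamping done in a standalone nftables table that covers all three dynamic interface families at once, without depending on VyOS_PBR_POSTROUTING existing. The table and chain names (mss_clamp, postrouting) are my own; the MSS value 1300, the postrouting hook and the SYN match are taken from the workaround above.

```nft
#!/usr/sbin/nft -f
# Load with: nft -f /config/scripts/mss-clamp.nft
# Loading the file a second time appends duplicate rules; delete the
# table first (nft delete table ip mss_clamp) before reloading it.

table ip mss_clamp {
    chain postrouting {
        # Same hook and priority as the "ip mangle" table VyOS uses,
        # so this runs alongside VYOS_PBR_POSTROUTING rather than
        # inside it. Policy accept: this chain only rewrites MSS.
        type filter hook postrouting priority mangle; policy accept;

        # Interface-name wildcards: "l2tp*" matches l2tp0, l2tp1, ...
        # Only SYN segments carry an MSS option worth rewriting.
        # The counter sits before the set statement so it shows how
        # many SYNs were actually clamped on each interface family.
        oifname "l2tp*"  tcp flags syn counter tcp option maxseg size set 1300
        oifname "pppoe*" tcp flags syn counter tcp option maxseg size set 1300
        oifname "ipoe*"  tcp flags syn counter tcp option maxseg size set 1300
    }
}
```

To check that it works, have one subscriber open a TCP connection to another and run `nft list chain ip mss_clamp postrouting`: the counter on the matching oifname line should increase by one per SYN, and a capture on the receiving subscriber's side should show MSS 1300 in the SYN. Note that rules added at runtime with `nft add rule` or `nft -f` live only in the kernel's running ruleset, so they are gone after a reboot unless the file is loaded again (for example from a post-config script), which is another reason a native `policy route` option on the wildcard interfaces would be preferable.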