This bug report is filed after a troubleshooting session at the Slack channel, as requested by @Viacheslav
In 1.3.3, the following policy rule set worked for applying set-mss and setting table on 1 packet
Interfaces:
eth1.1761: LAN VLAN
tun0: a GRE tunnel to a VPS
1.3 config.boot excerpt
policy {
route VIA-TUN {
rule 4 {
protocol tcp
set {
tcp-mss 1436
}
source {
address 10.105.0.0/16
}
tcp {
flags SYN
}
}
rule 5 {
destination {
address 10.0.0.0/8
}
set {
table main
}
}
rule 6 {
destination {
address <WAN IP address>
}
protocol tcp_udp
set {
table main
}
}
rule 10 {
destination {
address !10.0.0.0/8
}
set {
table 100
}
source {
address 10.105.0.0/16
}
}
}
}However, after updating to 1.4.0-epa2, the rule is no longer working
1.4.0-epa2 config.boot excerpt
policy {
route VIA-TUN {
interface "eth1.1761"
rule 4 {
protocol "tcp"
set {
tcp-mss "1436"
}
source {
address "10.105.0.0/16"
}
tcp {
flags {
syn
}
}
}
rule 5 {
destination {
address "10.0.0.0/8"
}
set {
table "main"
}
}
rule 6 {
destination {
address "<WAN IP address>"
}
protocol "tcp_udp"
set {
table "main"
}
}
rule 10 {
destination {
address "!10.0.0.0/8"
}
set {
table "100"
}
source {
address "10.105.0.0/16"
}
}
}
}In order to make it work again, the following config has to be applied:
1.4.0-epa2 show policy excerpt
Rule 4 here is replaced by rule 11
policy {
route VIA-MISAKA-HKG {
interface eth1.1761
rule 5 {
destination {
address 10.0.0.0/8
}
set {
table main
}
}
rule 6 {
destination {
address <WAN IP address>
}
protocol tcp_udp
set {
table main
}
}
rule 10 {
destination {
address !10.0.0.0/8
}
disable
protocol tcp
set {
table 100
tcp-mss 1436
}
source {
address 10.105.0.0/16
}
tcp {
flags {
syn
}
}
}
rule 11 {
destination {
address !10.0.0.0/8
}
set {
table 100
}
source {
address 10.105.0.0/16
}
}
}