This appears to be fixed in 1.2.4 EPA1.

@bmtauer is this still a problem for you?

The last rolling worked great. Saw the module was loaded on boot and MSS was clamped correctly.
Thanks!

Thank you!
I'll test the next rolling asap and report back.

Yes! That's what i need.
In my script above i had to put modprobe br_netfilter so it loads on system boot.

modprobe br_netfilter
iptables -t mangle -I POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400

If we could have br_netfilter loaded on boot in the image that would be great and would fix this problem.

Sorry i'm not sure we're on the same page.

@c-po thanks for mentioning the PPPoE connection, really got me thinking about the word POSTROUTING!
The solution is this -

In T1245#32694, @c-po wrote:

Your second command does kot specify any output interface whereas the first command speciefies tun0. Especially on ESXi you see almost no difference compared ro a vietual Box.

I myself run 1.2.0 in both a Physical and ESXi instance on PPPoE and use the clamping commands successfully on both nodes

Since the vyos-build readme was updated, i was able to update and test the change I requested above.
It fixes the issue presented above.

Any further action on this?
I can't find any public images and this thread is a bit lacking in information.

@mario is your ike-lifetime correct? That looks really short for an aws tunnel.
Otherwise yeah, I'd try with 1.2.

So just to be clear,

Sorry for the late response on this.

Why is this tagged under 1.2.x? You stated you're on version 1.1.8.