Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.


My feedback

  1. 83 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Networking » VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Scott,

    Thanks for the feedback – totally understand the pain points and confusion. There are a couple of constraints on the Azure side and also specifically with VPN. The key issue is this is for packets coming over the Internet which we can only assume total packet size of 1500 bytes max. Azure SDN platform performs additional encapsulation on the packets within our datacenter networks, so it will be subtracted from there.

    1. On the Azure VPN gateways, the recommendation is to set TCP MSS clamping to 1350; or if not possible for your device, then set MTU to 1400 bytes on the IPsec tunnel interface. We had updated/clarified the Azure documentation to call that out.

    2. Changing MTU currently is not possible from the Azure VPN gateways. We will take it into configuration, but it will not be possible in the short term due to the scale…

    An error occurred while saving the comment
    CA RIBON commented  · 

    This is a great issue on Azure infrastructure. In our case we have some servers that send a frame with don’t fragment field set, for that, the frame is dropped out by the Azure VPN GW.

    My question. Why cannot a MTU of 1500 be configured? When Is Azure going to fix the issue with the value of the MTU and the MSS?

Feedback and Knowledge Base