Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.


My feedback

  1. 83 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Networking » VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Scott,

    Thanks for the feedback – totally understand the pain points and confusion. There are a couple of constraints on the Azure side and also specifically with VPN. The key issue is this is for packets coming over the Internet which we can only assume total packet size of 1500 bytes max. Azure SDN platform performs additional encapsulation on the packets within our datacenter networks, so it will be subtracted from there.

    1. On the Azure VPN gateways, the recommendation is to set TCP MSS clamping to 1350; or if not possible for your device, then set MTU to 1400 bytes on the IPsec tunnel interface. We had updated/clarified the Azure documentation to call that out.

    2. Changing MTU currently is not possible from the Azure VPN gateways. We will take it into configuration, but it will not be possible in the short term due to the scale…

    An error occurred while saving the comment
    Anonymous commented  · 

    Hi Scott,

    I am experiencing the similar issue but in my case the packet did not even go out. The large packets are marked as bad checksum and it seems like just dropping them as errors. Would you please advise me if you were able to resolve your issue?


Feedback and Knowledge Base