dev-docs: set an MTU on the VPN route (#3239)

2025-05-02 06:16:08 -04:00 · 2024-07-10 10:55:48 +02:00 · 2024-07-10 10:55:48 +02:00 · a6b0885f18
commit a6b0885f18
parent 2cf315911d
3 changed files with 15 additions and 2 deletions
--- a/dev-docs/howto/vpn/helm/templates/_helpers.tpl
+++ b/dev-docs/howto/vpn/helm/templates/_helpers.tpl
@ -39,4 +39,6 @@ app.kubernetes.io/instance: {{ .Release.Name }}
  value: {{ .Values.serviceCIDR | quote }}
 - name: VPN_FRONTEND_POD
  value: {{ include "..fullname" . }}-frontend-0
+- name: VPN_MTU
+  value: {{ .Values.mtu | quote }}
 {{- end }}
--- a/dev-docs/howto/vpn/helm/values.yaml
+++ b/dev-docs/howto/vpn/helm/values.yaml
@ -8,6 +8,10 @@ serviceCIDR: "10.96.0.0/12"
 # on-prem IP ranges to expose to Constellation. Must contain at least one CIDR.
 peerCIDRs: []

+# MTU to set on the VPN route. Leave empty if path MTU discovery is supported end-to-end.
+# See also https://docs.strongswan.org/docs/5.9/howtos/forwarding.html#_mtumss_issues.
+mtu: 1300
+
 # IPSec configuration
 ipsec:
  # pre-shared key used for authentication
@ -15,4 +19,4 @@ ipsec:
  # Address of the peer's gateway router.
  peer: ""

-image: "ghcr.io/edgelesssys/constellation/vpn@sha256:34e28ced172d04dfdadaadbefb1a53b5857cb24fb24e275fbbc537f3639a789e"
+image: "ghcr.io/edgelesssys/constellation/vpn@sha256:88b6a0265052cb0a68d20d9b20e0d42ef15e7a80e5f71201ecf32e004de2356e"