1 | initial version |
The problem is that the negotiated MSS is too large that it would go through the network un-fragmented.
As your outbound packets ae the Dont Fragment bit set in the IP header you should normally see inbound
ICMP packets if fragmentation was required along the path (Path MTU Discovery).
Those ICMP packets would carry the netx hop's MTU size so the sender can learn and dynamically adjust/reduce the MTU size of the host route.
Those ICMP packets however are not arriving at the sender so it continues to send (re-transmit) with too large IP packets that all suffer the same death somewhere along the path.
So the underlying problem is that necessary ICMP packets for PATH MTU Discovery process are either not sent or blocked somewhere in the network.
Manually reducing the MTU below the bottleneck's MTU size circumvents this problem.
Hope this explains it to your satisfaction.
Regards Matthias