What’s the best way to configure MTU/MSS size on ipsec site-to-site within pfsense? If I ping a remote ipaddress -f -l 1500 the packet needs to be fragmented. At 1470 & below I get a reply. The main thing we run into is RDP drop over ipsec. Any suggestions on how to best configure the s2s so that there isn’t any drops?

Thank you!

The defaults put in by pfsense should be fine.

I think they function, however rdp drops when you run terminal servers isn’t ideal.