There is a basin, with several ethernetii, it is terminated the gre tunnel.
Of the customers come on Ezer, part of the pptp NAS and on the adjacent basin.
Is pf, without nat, all rules pass no state.
Those who are turned on by Ezer with MTU 1500, I can't get to some sites (including Habr), which can be seen via this gre tunnel. The specificity of these hosts is that all packages from them is a flag DF.
Tell me an effective way to adjust the TCP MSS in passing the traffic for FreeBSD
Included in pf scrub fragment reassemble on gre0 max-mss 1436, but unfortunately, did not help, probably because all the rules below without keep state.
I tried to use ng_tcpmss, traffic passes through the node, to no effect.