MTU considerations  |  Cloud VPN  |  Google Cloud (2024)

The maximum transmission unit (MTU) is the size, in bytes, of the largest packet supported by a network layer protocol, including both headers and IP packet payload.

Network packets sent over a VPN tunnel are encrypted and then encapsulated in an outer packet so that they can be routed. Cloud VPN tunnels use IPsec and ESP for encryption and encapsulation. Because the encapsulated inner packet must itself fit within the MTU of the outer packet, its maximum IP packet payload must be smaller.

HA VPN over Cloud Interconnect doesn't support jumbo frames for encrypted VLAN attachments.

Packet encapsulation and processing

To successfully transmit packets using Cloud VPN tunnels, you must enable prefragmentation on your peer VPN gateway so that packets that it sends are fragmented before they are encrypted and encapsulated.

As a Cloud VPN tunnel processes packets bound for your peer network:

  • Cloud VPN uses MSS clamping to ensure that TCP packets fit within the payload MTU before IPsec encapsulation.

  • For other protocols, Cloud VPN processes packets before IPsec encapsulation as follows:

    • If the packet's DF bit is set, and the Cloud VPN gateway determines that fragmentation is necessary, the Cloud VPN gateway sends an ICMP Fragmentation Needed (IPv4) or ICMPv6 Packet Too Big message to the sender. Delivery of ICMP or ICMPv6 messages requires that you configure ingress allow firewall rules applicable to the Compute Engine VM sender: one rule to allow ICMP ingress and, for dual-stack VMs, another rule to allow ICMPv6 ingress.
    • If the packet's DF bit is not set, and the packet exceeds the payload MTU, the Cloud VPN gateway attempts to deliver the packet. The packet might be dropped by a subsequent hop after the Cloud VPN tunnel if the packet is too large for the next hop.

For more details about MSS clamping and PMTUD, see MSS clamping and path MTU discovery in the VPC MTU documentation.

Gateway MTU versus payload MTU

Cloud VPN differentiates between the Cloud VPN gateway MTU and the Cloud VPN payload MTU. The Cloud VPN gateway MTU is:

  • 1460 bytes, for Cloud VPN tunnels
  • 1440 bytes, for HA VPN over Cloud Interconnect

Configure your peer VPN gateway to use an MTU that matches the corresponding Cloud VPN gateway MTU.

The payload MTU for a Cloud VPN tunnel depends on what ciphers the tunnel is configured to use and whether the gateway uses IPv4 or IPv6 interfaces. For more information, see Cloud VPN payload MTU values.

MTU in HA VPN gateways with IPv6 interfaces

The gateway MTU is the same in both HA VPN gateways with IPv6 interfaces and HA VPN gateways with IPv4 interfaces. However, because IPv6 headers are larger than IPv4 headers, the payload MTU of a gateway with IPv6 interfaces is always 20 bytes smaller than the payload MTU for an identical IPv4-addressed HA VPN gateway.

For example, an HA VPN gateway with IPv4 interfaces using non-AEAD ciphers has a gateway MTU of 1460 bytes and a payload MTU of 1406 bytes, whereas an HA VPN gateway with IPv6 interfaces using non-AEAD ciphers has a gateway MTU of 1440 bytes and a payload MTU of 1386 bytes.

For more information, see Maximum transmission unit.

Cloud VPN payload MTU values

The Cloud VPN payload MTU depends on the ciphers chosen in your Cloud VPN connection.

Payload MTU for AEAD ciphers

The following table shows phase 1 and phase 2 cipher combinations for AEAD ciphers that have a Cloud VPN payload MTU of:

  • 1406 bytes, for Cloud VPN tunnels
  • 1386 bytes, for HA VPN over Cloud Interconnect with IPv4 interfaces
  • 1366 bytes, for HA VPN over Cloud Interconnect with IPv6 interfaces

Phase 1           Phase 2
AES-GCM-16-128    AES-GCM-16-128
AES-GCM-16-192    AES-GCM-16-192
AES-GCM-16-256    AES-GCM-16-256
AES-GCM-16-128    AES-GCM-16-192
AES-GCM-16-192    AES-GCM-16-128
AES-GCM-16-256    AES-GCM-16-192
AES-GCM-16-128    AES-GCM-16-256
AES-GCM-16-192    AES-GCM-16-256
AES-GCM-16-256    AES-GCM-16-128

Payload MTU for non-AEAD ciphers

The following table shows phase 1 and phase 2 cipher combinations for non-AEAD ciphers that have a Cloud VPN payload MTU of:

  • 1374 bytes, for Cloud VPN tunnels
  • 1354 bytes, for HA VPN over Cloud Interconnect with IPv4 interfaces
  • 1334 bytes, for HA VPN over Cloud Interconnect with IPv6 interfaces

Phase 1 - Encryption    Phase 1 - Integrity    Phase 2 - Encryption    Phase 2 - Integrity
AES-CBC-128 AES-XCBC-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-128 AES-XCBC-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-128 AES-XCBC-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-128 AES-CMAC-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-128 AES-CMAC-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-128 AES-CMAC-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA1-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA1-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA1-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-128 HMAC-MD5-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-128 HMAC-MD5-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-128 HMAC-MD5-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA256-128 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA256-128 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA256-128 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA384-192 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA384-192 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA384-192 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA512-256 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA512-256 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-128 HMAC-SHA512-256 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-192 AES-XCBC-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-192 AES-XCBC-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-192 AES-XCBC-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-192 AES-CMAC-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-192 AES-CMAC-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-192 AES-CMAC-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA1-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA1-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA1-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-192 HMAC-MD5-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-192 HMAC-MD5-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-192 HMAC-MD5-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA256-128 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA256-128 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA256-128 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA384-192 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA384-192 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA384-192 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA512-256 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA512-256 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-192 HMAC-SHA512-256 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-256 AES-XCBC-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-256 AES-XCBC-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-256 AES-XCBC-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-256 AES-CMAC-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-256 AES-CMAC-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-256 AES-CMAC-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA1-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA1-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA1-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-256 HMAC-MD5-96 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-256 HMAC-MD5-96 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-256 HMAC-MD5-96 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA256-128 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA256-128 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA256-128 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA384-192 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA384-192 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA384-192 AES-CBC-256 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA512-256 AES-CBC-128 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA512-256 AES-CBC-192 HMAC-SHA2-512-256
AES-CBC-256 HMAC-SHA512-256 AES-CBC-256 HMAC-SHA2-512-256
3DES-CBC AES-XCBC-96 AES-CBC-128 HMAC-SHA2-512-256
3DES-CBC AES-XCBC-96 AES-CBC-192 HMAC-SHA2-512-256
3DES-CBC AES-XCBC-96 AES-CBC-256 HMAC-SHA2-512-256
3DES-CBC AES-CMAC-96 AES-CBC-128 HMAC-SHA2-512-256
3DES-CBC AES-CMAC-96 AES-CBC-192 HMAC-SHA2-512-256
3DES-CBC AES-CMAC-96 AES-CBC-256 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA1-96 AES-CBC-128 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA1-96 AES-CBC-192 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA1-96 AES-CBC-256 HMAC-SHA2-512-256
3DES-CBC HMAC-MD5-96 AES-CBC-128 HMAC-SHA2-512-256
3DES-CBC HMAC-MD5-96 AES-CBC-192 HMAC-SHA2-512-256
3DES-CBC HMAC-MD5-96 AES-CBC-256 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA256-128 AES-CBC-128 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA256-128 AES-CBC-192 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA256-128 AES-CBC-256 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA384-192 AES-CBC-128 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA384-192 AES-CBC-192 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA384-192 AES-CBC-256 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA512-256 AES-CBC-128 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA512-256 AES-CBC-192 HMAC-SHA2-512-256
3DES-CBC HMAC-SHA512-256 AES-CBC-256 HMAC-SHA2-512-256

The following table shows phase 1 and phase 2 cipher combinations for non-AEAD ciphers that have a Cloud VPN payload MTU of:

  • 1390 bytes, for Cloud VPN tunnels
  • 1370 bytes, for HA VPN over Cloud Interconnect with IPv4 interfaces
  • 1350 bytes, for HA VPN over Cloud Interconnect with IPv6 interfaces

Phase 1 - Encryption    Phase 1 - Integrity    Phase 2 - Encryption    Phase 2 - Integrity
AES-CBC-128 AES-XCBC-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-128 AES-XCBC-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-128 AES-XCBC-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-128 AES-XCBC-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-128 AES-XCBC-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-128 AES-XCBC-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-128 AES-CMAC-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-128 AES-CMAC-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-128 AES-CMAC-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-128 AES-CMAC-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-128 AES-CMAC-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-128 AES-CMAC-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA1-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA1-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA1-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA1-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA1-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA1-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-128 HMAC-MD5-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-128 HMAC-MD5-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-128 HMAC-MD5-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-128 HMAC-MD5-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-128 HMAC-MD5-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-128 HMAC-MD5-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA256-128 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA256-128 AES-CBC-128 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA256-128 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA256-128 AES-CBC-192 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA256-128 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA256-128 AES-CBC-256 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA384-192 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA384-192 AES-CBC-128 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA384-192 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA384-192 AES-CBC-192 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA384-192 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA384-192 AES-CBC-256 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA512-256 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA512-256 AES-CBC-128 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA512-256 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA512-256 AES-CBC-192 HMAC-SHA1-96
AES-CBC-128 HMAC-SHA512-256 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-128 HMAC-SHA512-256 AES-CBC-256 HMAC-SHA1-96
AES-CBC-192 AES-XCBC-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-192 AES-XCBC-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-192 AES-XCBC-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-192 AES-XCBC-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-192 AES-XCBC-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-192 AES-XCBC-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-192 AES-CMAC-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-192 AES-CMAC-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-192 AES-CMAC-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-192 AES-CMAC-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-192 AES-CMAC-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-192 AES-CMAC-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA1-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA1-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA1-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA1-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA1-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA1-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-192 HMAC-MD5-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-192 HMAC-MD5-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-192 HMAC-MD5-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-192 HMAC-MD5-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-192 HMAC-MD5-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-192 HMAC-MD5-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA256-128 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA256-128 AES-CBC-128 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA256-128 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA256-128 AES-CBC-192 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA256-128 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA256-128 AES-CBC-256 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA384-192 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA384-192 AES-CBC-128 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA384-192 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA384-192 AES-CBC-192 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA384-192 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA384-192 AES-CBC-256 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA512-256 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA512-256 AES-CBC-128 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA512-256 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA512-256 AES-CBC-192 HMAC-SHA1-96
AES-CBC-192 HMAC-SHA512-256 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-192 HMAC-SHA512-256 AES-CBC-256 HMAC-SHA1-96
AES-CBC-256 AES-XCBC-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-256 AES-XCBC-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-256 AES-XCBC-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-256 AES-XCBC-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-256 AES-XCBC-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-256 AES-XCBC-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-256 AES-CMAC-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-256 AES-CMAC-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-256 AES-CMAC-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-256 AES-CMAC-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-256 AES-CMAC-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-256 AES-CMAC-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA1-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA1-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA1-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA1-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA1-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA1-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-256 HMAC-MD5-96 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-256 HMAC-MD5-96 AES-CBC-128 HMAC-SHA1-96
AES-CBC-256 HMAC-MD5-96 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-256 HMAC-MD5-96 AES-CBC-192 HMAC-SHA1-96
AES-CBC-256 HMAC-MD5-96 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-256 HMAC-MD5-96 AES-CBC-256 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA256-128 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA256-128 AES-CBC-128 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA256-128 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA256-128 AES-CBC-192 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA256-128 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA256-128 AES-CBC-256 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA384-192 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA384-192 AES-CBC-128 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA384-192 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA384-192 AES-CBC-192 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA384-192 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA384-192 AES-CBC-256 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA512-256 AES-CBC-128 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA512-256 AES-CBC-128 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA512-256 AES-CBC-192 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA512-256 AES-CBC-192 HMAC-SHA1-96
AES-CBC-256 HMAC-SHA512-256 AES-CBC-256 HMAC-SHA2-256-128
AES-CBC-256 HMAC-SHA512-256 AES-CBC-256 HMAC-SHA1-96
3DES-CBC AES-XCBC-96 AES-CBC-128 HMAC-SHA2-256-128
3DES-CBC AES-XCBC-96 AES-CBC-128 HMAC-SHA1-96
3DES-CBC AES-XCBC-96 AES-CBC-192 HMAC-SHA2-256-128
3DES-CBC AES-XCBC-96 AES-CBC-192 HMAC-SHA1-96
3DES-CBC AES-XCBC-96 AES-CBC-256 HMAC-SHA2-256-128
3DES-CBC AES-XCBC-96 AES-CBC-256 HMAC-SHA1-96
3DES-CBC AES-CMAC-96 AES-CBC-128 HMAC-SHA2-256-128
3DES-CBC AES-CMAC-96 AES-CBC-128 HMAC-SHA1-96
3DES-CBC AES-CMAC-96 AES-CBC-192 HMAC-SHA2-256-128
3DES-CBC AES-CMAC-96 AES-CBC-192 HMAC-SHA1-96
3DES-CBC AES-CMAC-96 AES-CBC-256 HMAC-SHA2-256-128
3DES-CBC AES-CMAC-96 AES-CBC-256 HMAC-SHA1-96
3DES-CBC HMAC-SHA1-96 AES-CBC-128 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA1-96 AES-CBC-128 HMAC-SHA1-96
3DES-CBC HMAC-SHA1-96 AES-CBC-192 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA1-96 AES-CBC-192 HMAC-SHA1-96
3DES-CBC HMAC-SHA1-96 AES-CBC-256 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA1-96 AES-CBC-256 HMAC-SHA1-96
3DES-CBC HMAC-MD5-96 AES-CBC-128 HMAC-SHA2-256-128
3DES-CBC HMAC-MD5-96 AES-CBC-128 HMAC-SHA1-96
3DES-CBC HMAC-MD5-96 AES-CBC-192 HMAC-SHA2-256-128
3DES-CBC HMAC-MD5-96 AES-CBC-192 HMAC-SHA1-96
3DES-CBC HMAC-MD5-96 AES-CBC-256 HMAC-SHA2-256-128
3DES-CBC HMAC-MD5-96 AES-CBC-256 HMAC-SHA1-96
3DES-CBC HMAC-SHA256-128 AES-CBC-128 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA256-128 AES-CBC-128 HMAC-SHA1-96
3DES-CBC HMAC-SHA256-128 AES-CBC-192 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA256-128 AES-CBC-192 HMAC-SHA1-96
3DES-CBC HMAC-SHA256-128 AES-CBC-256 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA256-128 AES-CBC-256 HMAC-SHA1-96
3DES-CBC HMAC-SHA384-192 AES-CBC-128 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA384-192 AES-CBC-128 HMAC-SHA1-96
3DES-CBC HMAC-SHA384-192 AES-CBC-192 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA384-192 AES-CBC-192 HMAC-SHA1-96
3DES-CBC HMAC-SHA384-192 AES-CBC-256 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA384-192 AES-CBC-256 HMAC-SHA1-96
3DES-CBC HMAC-SHA512-256 AES-CBC-128 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA512-256 AES-CBC-128 HMAC-SHA1-96
3DES-CBC HMAC-SHA512-256 AES-CBC-192 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA512-256 AES-CBC-192 HMAC-SHA1-96
3DES-CBC HMAC-SHA512-256 AES-CBC-256 HMAC-SHA2-256-128
3DES-CBC HMAC-SHA512-256 AES-CBC-256 HMAC-SHA1-96
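
Added example (not from the Cloud VPN documentation): standard ESP tunnel-mode overhead arithmetic, assumed here to explain the cipher dependence, reproduces the three payload MTU values listed above for Cloud VPN tunnels and applies the DF-bit rules from "Packet encapsulation and processing". It assumes an outer IPv4 header without NAT-T UDP encapsulation and covers only the 1460-byte gateway MTU; the names Phase2, outer_size, payload_mtu, clamped_mss and non_tcp_action are hypothetical.

```python
from dataclasses import dataclass

GATEWAY_MTU = 1460   # Cloud VPN tunnel gateway MTU (from the page)
OUTER_IPV4 = 20      # outer IPv4 header, no options (assumption)
ESP_HEADER = 8       # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2      # pad length (1 byte) + next header (1 byte)


@dataclass(frozen=True)
class Phase2:
    """Per-packet ESP costs of a phase 2 proposal (hypothetical helper type)."""
    iv: int      # IV bytes carried in every packet
    align: int   # ciphertext length must be a multiple of this
    icv: int     # integrity check value (truncated MAC or GCM tag)


AES_GCM_16 = Phase2(iv=8, align=4, icv=16)
AES_CBC_HMAC_SHA1_96 = Phase2(iv=16, align=16, icv=12)
AES_CBC_HMAC_SHA2_256_128 = Phase2(iv=16, align=16, icv=16)
AES_CBC_HMAC_SHA2_512_256 = Phase2(iv=16, align=16, icv=32)


def outer_size(inner_len: int, p: Phase2) -> int:
    """Size of the outer packet after ESP tunnel-mode encapsulation."""
    body = inner_len + ESP_TRAILER
    body += -body % p.align              # padding up to the alignment boundary
    return OUTER_IPV4 + ESP_HEADER + p.iv + body + p.icv


def payload_mtu(p: Phase2) -> int:
    """Largest inner packet whose outer packet still fits GATEWAY_MTU."""
    room = GATEWAY_MTU - OUTER_IPV4 - ESP_HEADER - p.iv - p.icv
    room -= room % p.align               # only whole cipher blocks fit
    return room - ESP_TRAILER


def clamped_mss(pmtu: int, ipv6: bool = False) -> int:
    """TCP MSS that keeps a segment within the payload MTU (no IP/TCP options)."""
    return pmtu - (40 if ipv6 else 20) - 20


def non_tcp_action(inner_len: int, df_set: bool, pmtu: int) -> str:
    """Gateway handling of a non-TCP packet before encapsulation, per the page."""
    if inner_len <= pmtu:
        return "encapsulate"
    # DF set: ICMP Fragmentation Needed / ICMPv6 Packet Too Big goes to the sender,
    # which only helps if the sender's firewall allows that ICMP ingress.
    return "icmp-too-big-to-sender" if df_set else "attempt-delivery"


if __name__ == "__main__":
    proposals = {
        "AES-GCM-16": AES_GCM_16,
        "AES-CBC + HMAC-SHA1-96": AES_CBC_HMAC_SHA1_96,
        "AES-CBC + HMAC-SHA2-256-128": AES_CBC_HMAC_SHA2_256_128,
        "AES-CBC + HMAC-SHA2-512-256": AES_CBC_HMAC_SHA2_512_256,
    }
    for name, p in proposals.items():
        pmtu = payload_mtu(p)
        print(f"{name}: payload MTU {pmtu}, outer {outer_size(pmtu, p)}, "
              f"TCP MSS {clamped_mss(pmtu)}")
```

For HA VPN over Cloud Interconnect, use the payload MTU values listed on the page rather than this arithmetic.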

What's next

  • To learn about the basic concepts of Cloud VPN, see the Cloud VPN overview.
  • To help you solve common issues that you might encounter when using Cloud VPN, see Troubleshooting.

FAQs

What is the MTU of cloud VPN?

The Cloud VPN gateway MTU is: 1460 bytes, for Cloud VPN tunnels. 1440 bytes, for HA VPN over Cloud Interconnect.

What MTU should I use VPN?

Firstly, it's important to note that an MTU of 1460 bytes is generally recommended for OpenVPN connections. However, the MTU should be set to the same value on both sides of the connection.

What is the MTU size of GCP VPN?

Valid VPC network MTU sizes. Virtual Private Cloud (VPC) networks use a default MTU of 1,460 bytes. You can set a VPC network's MTU to any value between 1,300 bytes and 8,896 bytes (inclusive). Common custom MTU sizes are 1,500 bytes (standard Ethernet) or 8,896 bytes (the maximum possible).

What is the MTU size of AWS VPN?

Site-to-Site VPN supports a maximum transmission unit (MTU) of 1446 bytes and a corresponding maximum segment size (MSS) of 1406 bytes. However, encryption algorithms have varying header sizes and can prevent the ability to achieve these maximum values.

What is the MTU of Azure VPN tunnel?

VPN and MTU

For Azure, we recommend that you set TCP MSS clamping to 1,350 bytes and tunnel interface MTU to 1,400.

What is the MTU issue in VPN?

The issue occurs when the server or the client send relatively big packets as they are not aware of the MTU on the path. MTU on the path may be lower (due to the tunnel overhead), than what is configured on their local interfaces (usually client and server will have Ethernet interface with MTU of 1500 bytes).

Should MTU be 1500 or 1492?

The MTU size includes the data payload, any transport headers (such as TCP, UDP, GRE, RTP, or ICMP), and the IP header. It is generally recommended that the MTU for a WAN interface connected to a PPPoE DSL network be 1492. In fact, with auto MTU discovery, 1492 is discovered to be the maximum allowed MTU.

What is the minimum MTU for OpenVPN?

Set the maximum transmission unit (MTU) for Access Server. Note: For VPN tunnel MTU, the minimum allowable value is 576, and the maximum is 65536. We recommend setting it to 1420 when you enable DCO.

What is the MTU of a Cisco VPN?

MTU is normally changed in the router / VPN firewall. An MTU of 1500 is default and that is normally good for cable installations.

What is MTU size in Meraki VPN?

The MX uses an MTU size of 1500 bytes on the WAN interface.

What is the MTU size of GlobalProtect?

The default MTU on GlobalProtect client side is 1400B.

What is the best MTU for VPN?

You may want to use MTU DOS Ping Test to determine the optimal MTU setting. The MTU must be set to the same setting on all your PC NICs and router. When using VPN, there is additional overhead and you may need to reduce the MTU to 1400 if you experience difficulties accessing email, web, or DSL connectivity problems.

What is the MTU of WireGuard VPN?

Recommended MTU for overlay networking

WireGuard sets the Don't Fragment (DF) bit on its packets, and so the MTU for WireGuard on AKS needs to be set to 60 bytes below (or 80 bytes for IPv6) the 1400 MTU of the underlying network to avoid dropped packets.

What is the MTU of IPv6 VPN?

The IPv6 tunnel is based on port5, and its MTU value of 1280 is automatically calculated from the MTU value of its physical interface minus the header.

What is the MTU of IBM cloud VPC?

In the IBM Cloud VPC network, you can enable jumbo frames with an MTU of 9000 bytes to increase virtual machine performance. However, the MTU is fixed at 1500 bytes on the IBM site-to-site VPN gateway because VPN traffic must travel over the internet.

What is the MTU size of AnyConnect?

The MTU value for VPN Client or SVC Client, used to connect to the VPN network, was set to 1300 bytes. With AnyConnect Client, the initial value is set to 1406 bytes. While it considers the transfer efficiency, various individual customizations are included to make the Settings more Complex.

What is the MTU size of OpenVPN server?

The default MTU for Ethernet is 1500 bytes. For two devices to properly communicate they need to know this number. If they transmit packets larger than 1500 bytes the packets will be discarded by one of the network devices.

What is the MTU of Cloudflare?

Egress packets are routed via your ISP interface, and each packet must comply with the standard Internet routable maximum transmission unit (MTU), which is 1500 bytes.

Article information

Author: Maia Crooks Jr
