Add TCPMSS rule when setting up VPNs

Third-party VPNs use policy routing to reroute Chrome/chronos traffic
through the tunnel.  This causes the MSS on TCP SYN packets to reflect
the MTU from the original interface, not the tunnel MTU.  Add a firewall
rule that fixes this.

TEST=manually verify MSS via tcpdump
TEST=`FEATURES=test emerge-link firewalld`

Change-Id: Ib1554bf8c3b061fde5a28c33b6df7a554c6c2686
Commit-Ready: Kevin Cernekee <>
Tested-by: Kevin Cernekee <>
Reviewed-by: Luigi Semenzato <>
Reviewed-by: Jorge Lucangeli Obes <>
1 file changed
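
The manual tcpdump check in the TEST line can be scripted. The following is an added example, not part of this commit or of firewalld: it parses the MSS option from a captured IPv4 TCP SYN and checks it against a tunnel MTU. The function names, the sample packets and the 1400-byte tunnel MTU are constructed for illustration, and IPv4 with option-free headers (40 bytes of overhead) is assumed.

```python
import struct

def build_syn(mss):
    """Constructed sample: minimal IPv4 + TCP SYN with one MSS option.
    Checksums are left at zero; the parser below does not validate them."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 6 << 4, 0x02, 65535, 0, 0)
    tcp += struct.pack("!BBH", 2, 4, mss)  # option kind 2 (MSS), length 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 2]), bytes([192, 0, 2, 1]))
    return ip + tcp

def syn_mss(packet):
    """Return the MSS advertised in an IPv4 TCP SYN, or None if there is none."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None                          # not IPv4/TCP
    tcp = packet[(packet[0] & 0x0F) * 4:]
    if len(tcp) < 20 or not tcp[13] & 0x02:
        return None                          # truncated or SYN flag not set
    opts = tcp[20:(tcp[12] >> 4) * 4]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                        # end of option list
            break
        if kind == 1:                        # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            break                            # option header cut short
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                            # malformed option length
        if kind == 2 and length == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def max_mss(mtu):
    """Largest MSS that fits the MTU: minus 20 bytes IPv4 and 20 bytes TCP."""
    return mtu - 40

def mss_fits(packet, tunnel_mtu):
    """True if the SYN advertises an MSS no larger than the tunnel allows."""
    mss = syn_mss(packet)
    return mss is not None and mss <= max_mss(tunnel_mtu)

if __name__ == "__main__":
    TUNNEL_MTU = 1400                        # constructed value
    for mss in (1460, 1360):                 # before and after clamping
        print(mss, mss_fits(build_syn(mss), TUNNEL_MTU))
```

A SYN advertising 1460 reflects a 1500-byte physical interface and fails the check; a clamped SYN advertising 1360 passes.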