Instead of using a non-default MTU on my network, I've implemented TCP MSS clamping. Specifically, I reset all of the interfaces on my networks back to using an MTU of 1500 (including those on the router), and added the following pf rule:
scrub on $nic_ppp max-mss 1440
That rule clamps the maximum TCP segment length on the PPP interface to 1440. Why 1440? It's essentially down to the per-packet overhead of each protocol that's involved. Typically, that'll be 40 or so bytes for an IPv6 packet header, 8 bytes for PPPoE, and some loose change.
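What an MSS clamp does to a SYN on the wire, as an added Python illustration (not code from this post, and not pf's implementation): it lowers the MSS option when it exceeds the limit and patches the TCP checksum incrementally. The function names and the sample SYN header are constructed for the example, and the sample checksum covers the header only.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def clamp_mss(tcp: bytes, max_mss: int) -> bytes:
    """Lower the MSS option in a raw TCP SYN header to max_mss if it is larger."""
    hdr = bytearray(tcp)
    end = (hdr[12] >> 4) * 4                  # data offset: header length in bytes
    if end < 20 or end > len(hdr):
        raise ValueError("bad TCP data offset")
    i = 20                                    # options start after the fixed header
    while i < end and hdr[i] != 0:            # kind 0 = end of option list
        if hdr[i] == 1:                       # kind 1 = NOP, a single byte
            i += 1
            continue
        if i + 1 >= end or hdr[i + 1] < 2 or i + hdr[i + 1] > end:
            raise ValueError("malformed TCP option")
        if hdr[i] == 2 and hdr[i + 1] == 4:   # kind 2 = MSS, 16-bit value
            (old,) = struct.unpack_from("!H", hdr, i + 2)
            if old > max_mss:
                struct.pack_into("!H", hdr, i + 2, max_mss)
                o, n = old, max_mss
                if i % 2:                     # value straddles two checksum words
                    o, n = (o >> 8) | (o & 0xFF) << 8, (n >> 8) | (n & 0xFF) << 8
                # RFC 1624 incremental update: HC' = ~(~HC + ~m + m')
                (csum,) = struct.unpack_from("!H", hdr, 16)
                s = (~csum & 0xFFFF) + (~o & 0xFFFF) + n
                s = (s & 0xFFFF) + (s >> 16)
                s = (s & 0xFFFF) + (s >> 16)
                struct.pack_into("!H", hdr, 16, ~s & 0xFFFF)
        i += hdr[i + 1]
    return bytes(hdr)

def build_sample_syn(options: bytes) -> bytes:
    """Constructed SYN header (ports 50000 -> 443) carrying the given options."""
    offset = (20 + len(options)) // 4
    hdr = struct.pack("!HHIIBBHHH", 50000, 443, 1, 0, offset << 4, 0x02, 65535, 0, 0)
    hdr += options
    # Assumption: checksum covers the header only; a real one also covers the
    # pseudo-header and payload, which the incremental update leaves untouched.
    return hdr[:16] + struct.pack("!H", inet_checksum(hdr)) + hdr[18:]
```
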
So far, nothing has broken with the new settings. No TLS handshake failures, no sudden broken pipes on SSH sessions, no issues sending mail.