From ed3ba2e0fa649142cde033ad431d2c750856d9c5 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Tue, 21 Apr 2015 11:04:23 +0200
Subject: [PATCH] mention about clamping MSS

---
 src/ocserv-args.def | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/ocserv-args.def b/src/ocserv-args.def
index 75880f48..80f351e8 100644
--- a/src/ocserv-args.def
+++ b/src/ocserv-args.def
@@ -824,6 +824,17 @@ and user-profile options must be set in ocserv's configuration.
 _EOT_;
 };
 
+doc-section = {
+  ds-type = 'NETWORKING CONSIDERATIONS';
+  ds-format = 'texi';
+  ds-text   = <<-_EOT_
+In certain setups, where a firewall may be blocking ICMP responses, it is setting the
+MSS of TCP connections to MTU will eliminate the "black hole" connection issues.
+See http://lartc.org/howto/lartc.cookbook.mtu-mss.html for instructions
+to enable it on a Linux system.
+_EOT_;
+};
+
 doc-section = {
   ds-type   = 'SEE ALSO';
   ds-format = 'man';