IPsec: Quest of the ever elusive TCPMSS
TCPMSS, AKA Maximum Segment Size, is an extremely important TCP value in its own right. It determines how large the data block in any TCP packet is. When you're dealing with IPsec VPNs, this value, more than the MTU, decides your success or failure.
When dealing with encrypted sessions you can set either this or the MTU. Oftentimes lowering the MTU can lead to session locks and other problems.
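The arithmetic behind picking an MSS for an IPsec tunnel, as an added example that is not part of the original post: it computes the largest MSS that still fits one IPv4 ESP tunnel-mode packet and prints a matching netfilter TCPMSS rule without running it. The function names, the FORWARD chain placement and the sample cipher sizes are assumptions to adjust for your own proposal.

```shell
#!/bin/sh
# Added example: largest TCP MSS that fits an IPv4 ESP tunnel-mode packet.
# Header sizes below are assumptions; adjust them to your IPsec proposal.

# esp_mss LINK_MTU IV_LEN BLOCK_LEN ICV_LEN NATT(0|1)
esp_mss() {
    mtu=$1 iv=$2 block=$3 icv=$4 natt=$5
    outer_ip=20          # outer IPv4 header, no options
    esp_hdr=8            # SPI (4) + sequence number (4)
    udp=$(( natt * 8 ))  # NAT-T UDP encapsulation header, if used
    # Bytes left for the encrypted part: inner packet + padding + 2-byte trailer
    room=$(( mtu - outer_ip - udp - esp_hdr - iv - icv ))
    # The encrypted part must be a whole number of cipher blocks
    room=$(( room / block * block ))
    inner=$(( room - 2 ))     # trailer = pad length (1) + next header (1)
    echo $(( inner - 40 ))    # minus inner IPv4 (20) and TCP (20) headers
}

# clamp_rule MSS: print (not run) a TCPMSS rule for a forwarding gateway
clamp_rule() {
    echo "iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $1"
}

# Sample: AES-CBC (IV 16, block 16) + HMAC-SHA1-96 (ICV 12), 1500-byte link
mss=$(esp_mss 1500 16 16 12 0)
clamp_rule "$mss"
```

Review the printed rule before applying it as root; the same call with a last argument of 1 accounts for NAT-T encapsulation.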
netfilter TCPMSS target
LARTC cookbook