diff --git a/package/lean/luci-app-ipsec-vpnd/Makefile b/package/lean/luci-app-ipsec-vpnd/Makefile
index b7a83920f..450903763 100644
--- a/package/lean/luci-app-ipsec-vpnd/Makefile
+++ b/package/lean/luci-app-ipsec-vpnd/Makefile
@@ -9,7 +9,7 @@ LUCI_TITLE:=LuCI support for IPSec VPN Server (IKEv1 with PSK and Xauth)
 LUCI_DEPENDS:=+strongswan-minimal +strongswan-mod-xauth-generic
 LUCI_PKGARCH:=all
 PKG_VERSION:=1.0
-PKG_RELEASE:=7
+PKG_RELEASE:=8
 
 include $(TOPDIR)/feeds/luci/luci.mk
 
diff --git a/package/lean/luci-app-ipsec-vpnd/root/etc/ipsec.include b/package/lean/luci-app-ipsec-vpnd/root/etc/ipsec.include
index 5c7108080..118fd0e30 100755
--- a/package/lean/luci-app-ipsec-vpnd/root/etc/ipsec.include
+++ b/package/lean/luci-app-ipsec-vpnd/root/etc/ipsec.include
@@ -2,10 +2,12 @@ iptables -D FORWARD  -m policy --dir in --pol ipsec --proto esp -j ACCEPT 2>/dev
 iptables -D FORWARD  -m policy --dir out --pol ipsec --proto esp -j ACCEPT 2>/dev/null
 iptables -D INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT 2>/dev/null
 iptables -D OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT 2>/dev/null
+iptables -D FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356 2>/dev/null
 
 iptables -I FORWARD  -m policy --dir in --pol ipsec --proto esp -j ACCEPT
 iptables -I FORWARD  -m policy --dir out --pol ipsec --proto esp -j ACCEPT
 iptables -I INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT
 iptables -I OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT
+iptables -I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356
 
 echo 1 > /proc/sys/net/ipv4/conf/br-lan/proxy_arp