Network design

GRE encapsulates one packet inside another and can provide a direct point-to-point connection between separate networks. In this deployment, the tunnel used a layer-two adapter so it could be bridged to other interfaces later.

The tunnel did not require internal addressing. I added static routes and the required ARP announcements so our address space could be reached behind the partner network.

The MTU problem

The physical path used a 1,500-byte MTU, and GRE added header overhead on top of each packet. Packets that already filled the original MTU could no longer cross the tunnel intact, leading to fragmentation or failed connections when path MTU discovery did not work as expected.

Correction

I corrected the path by advertising the appropriate MTU on the static routes and applying TCP MSS clamping with iptables. This ensured that endpoints negotiated segment sizes that fit inside the encapsulated path.

After the change, the tunnel carried the intended routes without the intermittent failures caused by oversized packets.
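
The sizing behind that correction, as an added example rather than the commands from the original deployment: it derives the tunnel MTU and the matching MSS clamp from the physical MTU, then prints the route and iptables commands without running them. It assumes a Linux gretap (layer-two) tunnel over IPv4 with no outer IP options; the prefix `198.51.100.0/24` and the interface name `gretap1` are placeholders.

```shell
#!/bin/sh
# Added example: prints commands only, nothing is executed or changed.
# Assumes IPv4 outer header without options and IPv4 TCP inside the tunnel.

# gre_overhead MODE [key] [csum] [seq] -> bytes added per packet
# MODE: l2 = gretap (carries the inner Ethernet header), l3 = plain gre
gre_overhead() {
    mode=$1; shift
    bytes=24                                  # 20 outer IPv4 + 4 base GRE
    if [ "$mode" = l2 ]; then bytes=$((bytes + 14)); fi   # inner Ethernet
    for opt in "$@"; do
        case $opt in
            key|csum|seq) bytes=$((bytes + 4)) ;;   # optional GRE fields
            *) echo "unknown GRE option: $opt" >&2; return 1 ;;
        esac
    done
    echo "$bytes"
}

# tunnel_mtu PHYS_MTU MODE [opts...] -> largest inner IP packet that fits
tunnel_mtu() {
    phys=$1; shift
    overhead=$(gre_overhead "$@") || return 1
    echo $((phys - overhead))
}

# clamp_mss MTU -> TCP payload per segment (MTU minus IPv4 and TCP headers)
clamp_mss() { echo $(($1 - 40)); }

# emit_plan PREFIX DEV PHYS_MTU MODE [opts...]
emit_plan() {
    prefix=$1; dev=$2; shift 2
    mtu=$(tunnel_mtu "$@") || return 1
    mss=$(clamp_mss "$mtu")
    echo "ip route replace $prefix dev $dev mtu $mtu"
    for dir in -o -i; do    # clamp SYNs leaving and entering via the tunnel
        echo "iptables -t mangle -A FORWARD $dir $dev -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $mss"
    done
}

# Placeholder prefix (documentation range) and interface name
emit_plan 198.51.100.0/24 gretap1 1500 l2
```

With a 1,500-byte physical MTU this yields a 1,462-byte tunnel MTU and an MSS of 1,422; a keyed tunnel (`key`) would lower both by another 4 bytes.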
