Date: Tue, 25 Jan 2005 15:42:43 -0500
From: Kris Maglione <bsdaemon@comcast.net>
To: freebsd-questions@freebsd.org
Subject: [Solved] Re: IPsec issue
Message-ID: <41F6AF43.30205@comcast.net>
In-Reply-To: <41F56E93.8050700@comcast.net>
References: <41F56E93.8050700@comcast.net>

Kris Maglione wrote:

> I secure my wireless network with IPsec. The rules are generated with
> a Perl script (included below) with a rule for each IP in the range
> 192.168.1.3-192.168.1.254 (.2 is my AP). The key exchange is handled
> by racoon and works without issue. I have "allow ip from any to any"
> as my first ipfw rule when on this network. My firewall allows DHCP
> and ISAKMP traffic unencrypted and allows only ESP traffic otherwise.
>
> My problem is that certain websites tend not to work. I can look them
> up and make a connection, but I get no incoming packets, although on
> occasion they do work. Google is one such site. Also, it seems that
> images don't always load for any site. Neither firewall is blocking
> the traffic. When I make an OpenVPN link over the connection (it's
> easier than disabling IPsec, since it's already set up for when I'm
> away from home), the same websites work fine.

The problem turned out to be that with the overhead of the IPsec headers, I needed to decrease the MTUs of both interfaces.
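
The size arithmetic behind that fix, as an added example that is not part of the original message: it computes how large an IPv4 packet becomes once ESP is applied and the largest packet that still fits a given link MTU. The message does not say which mode or algorithms were in use, so the cipher and authentication parameters, the 1500-byte link MTU and the function names are assumptions, and IPv4 headers without options are assumed.

```python
# Added example: ESP size arithmetic for IPv4 without options.
# Cipher/auth choices are assumptions; the original message does not say
# which algorithms or which IPsec mode the policy used.

IPV4_HDR = 20      # IPv4 header without options
ESP_HDR = 8        # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1)

# name: (cipher block size, IV size) in bytes
CIPHERS = {"3des-cbc": (8, 8), "aes-cbc": (16, 16)}
# name: ICV (truncated MAC) size in bytes
AUTHS = {"hmac-sha1-96": 12, "hmac-md5-96": 12}


def esp_wire_size(packet_len, cipher, auth, mode="tunnel"):
    """On-wire size of an IPv4 packet of packet_len bytes after ESP."""
    block, iv = CIPHERS[cipher]
    icv = AUTHS[auth]
    # Tunnel mode encrypts the whole inner packet; transport mode keeps the
    # original IP header in clear and encrypts only what follows it.
    protected = packet_len if mode == "tunnel" else packet_len - IPV4_HDR
    # Payload plus trailer is padded up to a multiple of the cipher block size.
    padded = -(-(protected + ESP_TRAILER) // block) * block
    return IPV4_HDR + ESP_HDR + iv + padded + icv


def max_clear_packet(link_mtu, cipher, auth, mode="tunnel"):
    """Largest pre-ESP IPv4 packet that still fits link_mtu after ESP."""
    block, iv = CIPHERS[cipher]
    icv = AUTHS[auth]
    room = link_mtu - IPV4_HDR - ESP_HDR - iv - icv
    protected = (room // block) * block - ESP_TRAILER
    return protected if mode == "tunnel" else protected + IPV4_HDR


if __name__ == "__main__":
    # 1500 is an assumed Ethernet-style link MTU, not a value from the message.
    for mode in ("transport", "tunnel"):
        for cipher in CIPHERS:
            fit = max_clear_packet(1500, cipher, "hmac-sha1-96", mode)
            full = esp_wire_size(1500, cipher, "hmac-sha1-96", mode)
            print(f"{mode:9} {cipher:8} largest packet that fits: {fit}, "
                  f"a 1500-byte packet becomes {full} bytes")
```

Full-size packets from a web server grow past the link MTU once ESP is added, while small packets such as DNS lookups and TCP handshakes still fit, which matches the symptoms described in the quoted message.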
