Date: Mon, 29 Nov 2004 15:24:58 +1100
From: Andrew Thomson <andrewjt@applecomm.net>
To: freebsd-questions@freebsd.org
Subject: ipsec vpn mtu problem
Message-ID: <1101702298.38278.11.camel@itouch-1011.prv.au.itouchnet.net>

I have a problem with a freebsd lan to lan IPSEC vpn. Specifically seems to be an mtu related problem.

Previously I have set these up and they have run perfectly between freebsd firewalls acting as the vpn terminator.

The latest site that I'm trying to connect to has a basic internet connection. Although it is a business ethernet connection, it's looking similar to a PPPoE link that I have at home!

Anyway, in order to get a reliable internet connection, the MTU on the public interface had to be dropped to 1492. Once down, the internet worked a treat.

Lan to lan VPN config was done with setkey and racoon, up and running very quickly. However when we try to move data across this link, it gets a bit done and then conks out.

> scp rt-3.2.2.tar.gz root@192.168.40.10:
root@192.168.40.10's password:
rt-3.2.2.tar.gz    11%  144KB  36.7KB/s - stalled -

All my other VPNs work perfectly however none of them required the MTU change. This is the first one that required an MTU change and the first one that doesn't seem to be able to handle anything more than a ping.

One side is running 4.3-RELEASE-p28, the other is running 5.3-STABLE. The 5.3 box is the one that has the dodge internet link requiring the MTU change.

Any thoughts would be much appreciated.

ajt.

--
Andrew Thomson <andrewjt@applecomm.net>