> On Mar 23, 2015, at 17:31, Chris Buechler <c...@pfsense.org> wrote:
>
> On Thu, Mar 19, 2015 at 12:48 PM, Gregory K Shenaut
> <gkshen...@ucdavis.edu> wrote:
>> Hi, I have a system with two sites. One of the sites has two WAN
>> connections, the other one. I have an IPSEC tunnel passing all traffic
>> between the two sites. I'm having some difficulty with site-to-site access.
>> I can ping anything in either site from either site, but can't do much of
>> anything else. For example, I can't open web pages across the tunnel:
>> sometimes I get nothing, sometimes a hundred or so characters then nothing
>> else. When I try to transfer lots of data across the tunnel, typically I get
>> some initial data, again a hundred or so characters, then it hangs, and,
>> frequently, the tunnel itself goes down and I have to wait for it to
>> re-establish itself.
>>
>
> Almost certainly needing MSS clamping. Advanced settings tab, check
> that box there. Then start new connections (may want to kill states
> just to make really sure), and things will probably work.

This worked like a champ! I didn't know that option existed. Thank you.

Greg

> I've tried all sorts of things, and I believe that there may be a problem in
> routing due to the dual-WAN setup on one of the sites. I'm not entirely
> certain, but it's possible the problem began when I set up dual-WAN.
>>
>> I'm on pfsense 2.2.1.
>>
>> There is a sentence in the documentation at
>> <https://doc.pfsense.org/index.php/VPN_Capability_IPsec> under Prerequisites:
>>
>>> If pfSense is not the default gateway on the LAN where it is installed,
>>> static routes must be added to the default gateway, pointing the remote VPN
>>> subnet to the IP address on pfSense in the LAN subnet.
>>
>
> Is that actually the case? VPN is on a separate box from the default
> gateway on the LAN?
>
>> I've tried adding various static routes based on my understanding of that
>> sentence, but they haven't helped, which is why I'm asking this question.
>>
>> First, preliminary question: when you make a change to the System > Static
>> Routes web page and apply it, it seems like sometimes older
>> routes aren't deleted. Is it necessary to reboot every time you change the
>> static routes to make sure that you get rid of ones you deleted or
>> deactivated?
>
> Never necessary to reboot. Where are you seeing they're still there?
> Routes being there after you deleted the static route is generally
> indicative of something else adding them back, like a dynamic routing
> protocol, or them being in an OpenVPN client or server, or similar.
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold