On Mar 23, 2015, at 17:31 , Chris Buechler c...@pfsense.org wrote:
On Thu, Mar 19, 2015 at 12:48 PM, Gregory K Shenaut
gkshen...@ucdavis.edu wrote:
Hi, I have a system with two sites. One of the sites has two WAN
connections, the other one. I have an IPSEC tunnel passing all traffic
between the two sites. I'm having some difficulty with site-to-site access.
I can ping anything in either site from either site, but can't do much of
anything else. For example, I can't open web pages across the tunnel:
sometime I get nothing, sometimes a hundred or so characters then nothing
else. When I try to transfer lots of data across the tunnel, typically I get
some initial data, again a hundred or so characters, then it hangs, and,
frequently, the tunnel itself goes down and I have to wait for it to
re-establish itself.
Almost certainly needing MSS clamping. Advanced settings tab, check
that box there. Then start new connections (may want to kill states
just to make really sure), and things will probably work.
This worked like a champ! I didn't know that option existed. Thank you.
Greg
've tried all sorts of things, and I believe that there may be a problem in
routing due to the dual-WAN setup on one of the sites. I'm not entirely
certain, but it's possible the problem began when I set up dual-WAN.
I'm on pfsense 2.2.1.
There is a sentence in the documentation at
https://doc.pfsense.org/index.php/VPN_Capability_IPsec under Prerequisites:
If pfSense is not the default gateway on the LAN where it is installed,
static routes must be added to the default gateway, pointing the remote VPN
subnet to the IP address on pfSense in the LAN subnet.
Is that actually the case? VPN is on a separate box from the default
gateway on the LAN?
I've tried adding various static routes based on my understanding of that
sentence, but they haven't helped, which is why I'm asking this question.
First, preliminary question: when you make a change to the System Static
Routes web page and apply it, it seems like sometimes older
routes aren't deleted. Is it necessary to reboot every time you change the
static routes to make sure that you get rid of ones you deleted or
deactivated?
Never necessary to reboot. Where are you seeing they're still there?
Routes being there after you deleted the static route is generally
indicative of something else adding them back, like a dynamic routing
protocol, or them being in an OpenVPN client or server, or similar.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold