Are you using an ip address or FQDN as the vpn target for the students to
connect to?
> On 14 Mar 2024, at 1:14 pm, James Andrewartha wrote:
>
> On Thu, 14 Mar 2024, James Andrewartha wrote:
>
>> We've recently rolled out a Fortigate IKEv2 IPSec VPN to our student
>> devices and it works well
On Thu, 14 Mar 2024, James Andrewartha wrote:
> We've recently rolled out a Fortigate IKEv2 IPSec VPN to our student
> devices and it works well for most of them, but for some it works for a
> short time (5 seconds to 5 minutes) and then gets stuck, leaving the
> student with no internet access
"works for some time then gets stuck" sounds like a classic symptom of
smaller-than-1500 MTU.
of which many mobile networks do things like set tcp mss. but that
obviously won't do anything for ipsec traffic.
___
AusNOG mailing list
AusNOG@lists.ausnog.net
Can you force a sub 5 minute keepalive?
-Original Message-
From: AusNOG On Behalf Of James
Andrewartha
Sent: Thursday, March 14, 2024 3:59 PM
To: ausnog@lists.ausnog.net
Subject: [AusNOG] VPNs over Telstra wireless broadband
Hi noggers,
We've recently rolled out a Fortigate IKEv2 IPSec
Hi noggers,
We've recently rolled out a Fortigate IKEv2 IPSec VPN to our student
devices and it works well for most of them, but for some it works for a
short time (5 seconds to 5 minutes) and then gets stuck, leaving the
student with no internet access (since we force it to be always-on). Even