I changed my configuration on the mobile initiator side only.
You're right about the MSS only affecting TCP - but my understanding is
that it affects the size of packets before encapsulation in UDP, so your
final, encapsulated UDP packets also end up smaller.
Cheers,
Alex
On Tue, 2 May 2017 at 1

Hello Alex
Alexander Hill wrote:
> It sounds like an issue with that provider's network configuration
> rather than with the bandwidth or latency.
This is my opinion as well.
> Try lowering MTU/MSS with either the
> charon.plugins.kernel-netlink.mss/mtu settings or via iptables.
I have tried

I don't see any loopback addresses listed in the "known interfaces":
8150 00[KNL] known interfaces and IP addresses:
8151 00[KNL] p2p1
8152 00[KNL] 169.x.x.x
8153 00[KNL] fe80:::4ae5
where p2p1 interface has an internal 169 IP, not the one I want to listen
on. The IP I want to listen on

I seem to have found the problem, it was on my local endpoint. The
gateway has default IP-table rules in prerouting table dropping traffic
entering any WAN-interface destined to a LAN-subnet, which I understand
is normal as long as there isn't any IPsec involved :) Below exclude rule
solves it.

Hi,
I am using strongswan 5.1.2 on Ubuntu 14.04 and I need to specify the IP
address on which to listen. I found some ipsec.conf manpages (
https://linux.die.net/man/5/ipsec.conf) which suggest a config item
"listen", but strongswan 5.1.2 at least doesn't seem to have this option.
Is there not

Hi René,
It sounds like an issue with that provider's network configuration rather
than with the bandwidth or latency.
Try lowering MTU/MSS with either the charon.plugins.kernel-netlink.mss/mtu
settings or via iptables.
https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunne

Hello Noel
> set net.ipv4.ip_no_pmtu_disc=1
Doesn't help.
> Try to enable IKE fragmentation, if you can, by setting "fragmentation=yes".
> That will enable fragmentation if the remote peer supports it.
Fragmentation isn't supported by the peer AFAIK.

> The problem is that the message gets lost
I can't help you further easily. You need to check what happens to the packets
and what actually needs to happen.
On 30.04.2017 23:25, Dusan Ilic wrote:
>
> I have added following on local router
>
> iptables -t nat -I POSTROUTING -s 10.1.1.0/26 -o vlan847 -m policy --dir out
> --pol ipsec --pr