Hi, Those are likely all false leads. It's likely to be an MTU/MSS problem, which is described on the wiki[1].
Kind regards Noel [1] https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling#MTUMSS-issues Am 21.04.20 um 20:38 schrieb Narendra Joshi: > Hi, > > I have setup an IPSec gateway on a virtual instance in a VPC using a cloud > provider. The cloud provider has Elastic IPs that aren't attached to any > network interface on the virtual instance so strongSwan uses NAT-T. Also I > need to do SNAT/DNAT for mapping my side of the subnet that is advertised to > my VPN peer. > > I have found that this setup causes very frequent TCP checksum failures. > There are so frequent that an HTTP request fails ~50% of the time because TCP > connect times out. It would be great if anyone who has faced something > similar before can help me understand what is happening and how it can be > avoided. > > Here is an image of the setup I have: > > > Best regards,
signature.asc
Description: OpenPGP digital signature