<div dir="ltr"><div class="gmail_extra">Sounds like MTU problems... We had to set PMTU on our gateways to help with the process.</div><div class="gmail_extra"><br></div><div class="gmail_extra"><a href="https://www.linuxtopia.org/Linux_Firewall_iptables/x4700.html">https://www.linuxtopia.org/Linux_Firewall_iptables/x4700.html</a><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">Feedback is welcome, interested if this could be the problem.</div><div class="gmail_extra"><br></div><div class="gmail_extra">Kevin</div><div class="gmail_extra"><br>
<br><div class="gmail_quote">2018-07-20 17:51 GMT+02:00 Ahammerl <span dir="ltr"><<a href="mailto:ahammerl@googlemail.com" target="_blank">ahammerl@googlemail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail-m_-7907840999465408079gmail-linestyle1 gmail-m_-7907840999465408079gmail-colourline" style="font-family:Consolas,"Lucida Console",monospace;padding-left:7px;word-wrap:break-word;color:rgb(0,0,0);font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><span>Hi, </span></div><div class="gmail-m_-7907840999465408079gmail-linestyle1 gmail-m_-7907840999465408079gmail-colourline" style="font-family:Consolas,"Lucida Console",monospace;padding-left:7px;word-wrap:break-word;color:rgb(0,0,0);font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><span><br></span></div><div class="gmail-m_-7907840999465408079gmail-linestyle1 gmail-m_-7907840999465408079gmail-colourline" style="font-family:Consolas,"Lucida Console",monospace;padding-left:7px;word-wrap:break-word;color:rgb(0,0,0);font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><span>Connecting via <span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Strongswan</span> VPN, using XAuth PSK, I have troubles visiting some websites (which don't seem to be blocking any IP in general). Could there be an issue with the route containing virtual host hops which are not available with all ISPs?</span></div><div class="gmail-m_-7907840999465408079gmail-linestyle2 gmail-m_-7907840999465408079gmail-colourline" style="font-family:Consolas,"Lucida Console",monospace;padding-left:7px;word-wrap:break-word;color:rgb(0,0,0);font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><span><br></span></div><div class="gmail-m_-7907840999465408079gmail-linestyle2 gmail-m_-7907840999465408079gmail-colourline" style="font-family:Consolas,"Lucida Console",monospace;padding-left:7px;word-wrap:break-word;color:rgb(0,0,0);font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><span>In my test, I connect one time to the VPN with telekom ISP, another time with a regional ISP. both connect well without problems and can visit most websites incl. google, <a href="http://whatsmyip.com" target="_blank">whatsmyip.com</a> etc. properly, which confirms the VPN IP with success.</span></div><div class="gmail-m_-7907840999465408079gmail-linestyle1 gmail-m_-7907840999465408079gmail-colourline" style="font-family:Consolas,"Lucida Console",monospace;padding-left:7px;word-wrap:break-word;color:rgb(0,0,0);font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><span>However, trying to visit e.g.<span> </span><a href="http://www.ip8.com/" rel="noopener" target="_blank">www.ip8.com</a>, the 2nd connection is failing.</span></div><div class="gmail-m_-7907840999465408079gmail-linestyle2 gmail-m_-7907840999465408079gmail-colourline" style="font-family:Consolas,"Lucida Console",monospace;padding-left:7px;word-wrap:break-word;color:rgb(0,0,0);font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><span><br></span></div><div class="gmail-m_-7907840999465408079gmail-linestyle2 gmail-m_-7907840999465408079gmail-colourline" style="font-family:Consolas,"Lucida Console",monospace;padding-left:7px;word-wrap:break-word;color:rgb(0,0,0);font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><span>For comparison, with OpenVPN on the same server, it's working with both ISPs OK, visiting <a href="http://ip8.com" target="_blank">ip8.com</a> without troubles. With <span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Strongswan</span> VPN as alternative, it fails to connect with the 2nd.</span></div><div class="gmail-m_-7907840999465408079gmail-linestyle1 gmail-m_-7907840999465408079gmail-colourline" style="font-family:Consolas,"Lucida Console",monospace;padding-left:7px;word-wrap:break-word;color:rgb(0,0,0);font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial">Next, I compared the route with traceroute and mtr via <span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Strongswan</span> VPN. This looks OK and it's the same route as I have when trying to connect from the VPN server itself to the website.    </div><div class="gmail-m_-7907840999465408079gmail-linestyle2 gmail-m_-7907840999465408079gmail-colourline" style="font-family:Consolas,"Lucida Console",monospace;padding-left:7px;word-wrap:break-word;color:rgb(0,0,0);font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><span class="gmail-m_-7907840999465408079gmail-timestamp" style="display:inline"><br></span></div><div class="gmail-m_-7907840999465408079gmail-linestyle2 gmail-m_-7907840999465408079gmail-colourline" style="font-family:Consolas,"Lucida Console",monospace;padding-left:7px;word-wrap:break-word;color:rgb(0,0,0);font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><span class="gmail-m_-7907840999465408079gmail-timestamp" style="display:inline">I</span><span>s there a known issue or do you have a hint how to resolve this by configuration changes, if possible..?</span></div><div class="gmail-m_-7907840999465408079gmail-linestyle2 gmail-m_-7907840999465408079gmail-colourline" style="font-family:Consolas,"Lucida Console",monospace;padding-left:7px;word-wrap:break-word;color:rgb(0,0,0);font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><span><br></span></div><div class="gmail-m_-7907840999465408079gmail-linestyle2 gmail-m_-7907840999465408079gmail-colourline" style="font-family:Consolas,"Lucida Console",monospace;padding-left:7px;word-wrap:break-word;color:rgb(0,0,0);font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><span>Thank you!</span></div></div>
</blockquote></div><br></div></div>