<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi,<br>
<br>
I have an issue with one of my tunnels. On both sides,
strongSwan 5.5.1-4+deb9u4 is installed on Debian 9.<br>
<br>
Here is the config:<br>
<br>
<pre>
conn connection1
    type=tunnel
    left=IP_Server_A
    leftsubnet=10.155.0.1/32
    leftfirewall=yes
    leftid=IP_Server_A
    right=IP_Server_B
    rightsubnet=10.100.0.1/24
    rightid=IP_Server_B
    auto=start
    compress=yes
    #Phase-1
    keyexchange=ikev2
    authby=secret
    ike=aes256-sha256-modp4096
    ikelifetime=24h
    #Phase-2
    keylife=1h
    esp=aes256-sha256-modp4096
</pre>
<br>
The other side looks the same, with left and right switched. <br>
<br>
Ping works from A to B and from B to A. <br>
When I ssh from B to A, it works, but as soon as I have a larger
terminal output the connection breaks. <br>
When I ssh from A to B, everything works fine.<br>
<br>
When I do a scp on server B to push a file to server A, everything
works fine, even for huge files.<br>
<br>
When I do a scp on server B to pull a file from server A, it breaks
after a few bytes and doesn't continue.<br>
<br>
I thought this sounds like an MTU issue. I tried setting
fragmentation=yes, which did not help. The external interfaces on
both sides have mtu 1500 set, at least that's what "ip link show"
says.<br>
<br>
I tried to find out which MTU would work with the ping -M do -s
command. And it seems everything above 1410 causes trouble. So I
guess setting it to 1400 would be fine... But how? I'd rather not
set the external interface MTU, since there are a lot of other
tunnels on those servers that work just fine except for this one.<br>
<br>
Thanks for any help!<br>
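<br>
Added example, not part of the original message: a calculation of the ESP tunnel-mode overhead for the esp=aes256-sha256 proposal in the config above, showing that a 1500-byte external MTU leaves room for a 1438-byte inner packet, which is consistent with the 1410-byte ping -s threshold reported in the message. It assumes IPv4, AES in CBC mode, a 128-bit truncated HMAC-SHA-256 ICV, and ignores the effect of compress=yes; the function names are illustrative.<br>

```python
# Added example (assumptions: IPv4 outer header without options, AES-CBC,
# HMAC-SHA-256 truncated to 128 bits, IPComp not taken into account).
IPV4_HEADER = 20      # outer IPv4 header
ESP_HEADER = 8        # SPI (4 bytes) + sequence number (4 bytes)
AES_CBC_IV = 16       # one AES block carried in front of the ciphertext
AES_BLOCK = 16        # ciphertext is padded to a multiple of this
ESP_TRAILER = 2       # pad-length byte + next-header byte (encrypted)
HMAC_SHA256_ICV = 16  # integrity check value, 128-bit truncation
UDP_ENCAP = 8         # extra UDP header when NAT traversal is in use
ICMP_OVERHEAD = 28    # inner IPv4 header (20) + ICMP echo header (8)
TCP_OVERHEAD = 40     # inner IPv4 header (20) + TCP header (20), no options


def esp_packet_size(inner_len, udp_encap=False):
    """Size of the outer IPv4 packet carrying an inner packet of inner_len bytes."""
    # Round (inner packet + trailer) up to the next AES block boundary.
    padded = -(-(inner_len + ESP_TRAILER) // AES_BLOCK) * AES_BLOCK
    size = IPV4_HEADER + ESP_HEADER + AES_CBC_IV + padded + HMAC_SHA256_ICV
    return size + (UDP_ENCAP if udp_encap else 0)


def max_inner_packet(link_mtu, udp_encap=False):
    """Largest inner packet that still fits into link_mtu after ESP encapsulation."""
    budget = link_mtu - IPV4_HEADER - ESP_HEADER - AES_CBC_IV - HMAC_SHA256_ICV
    if udp_encap:
        budget -= UDP_ENCAP
    # Only whole AES blocks fit; the trailer occupies 2 bytes of the last block.
    return budget // AES_BLOCK * AES_BLOCK - ESP_TRAILER


def max_ping_payload(link_mtu, udp_encap=False):
    """Largest value for ping -s that passes with the don't-fragment bit set."""
    return max_inner_packet(link_mtu, udp_encap) - ICMP_OVERHEAD


def max_tcp_mss(link_mtu, udp_encap=False):
    """Largest TCP segment payload that fits without fragmentation."""
    return max_inner_packet(link_mtu, udp_encap) - TCP_OVERHEAD


if __name__ == "__main__":
    for natt in (False, True):
        print("NAT-T" if natt else "plain ESP",
              "inner MTU:", max_inner_packet(1500, natt),
              "ping -s:", max_ping_payload(1500, natt),
              "TCP MSS:", max_tcp_mss(1500, natt))
```

One byte more than the 1438-byte inner packet pushes the padded ciphertext into another AES block, so the outer packet jumps from 1500 to 1516 bytes.<br>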
</body>
</html>