[strongSwan] RDP over VPN tunnel
am at tbits.net
Tue Aug 17 12:58:01 CEST 2010
I know the problem. The packets from RDP are too big and need to be fragmented.
The 2.6 kernel sends the ICMP packet "need to frag" to the client, but with the external IP address of the VPN server.
The packet is not sent over the VPN tunnel; it is sent in plain over the external interface.
That means that this packet is not received by the client.
In my case I have a net2net VPN 10.1.0.0/16 <=> 10.3.0.0/16 over a third VPN server with the external IP 192.168.100.2, and this IP is used for the ICMP packet.
11:59:10.227180 192.168.100.2 > 10.1.1.101: icmp: 10.3.10.10 unreachable - need to frag (mtu 1446) [tos 0xc0]
Does anyone know this problem and have a solution?
I have two VPN tunnels with 3 servers
|HostA| --- |HostB|---|HostC|
HostA and HostC
are running strongswan 2.8.11 and Host B is running strongswan 4.4.1. ICMP between all nets
behind the hosts A, B, C is OK. But when I try to connect via RDP from Net A (HostA) to Net C (HostC)
over HostB, the RDP connection will not establish.
The same happens from Net C to Net A
over Host B.
But I can connect from Net B to Net A and Net C via RDP without any problems.
It seems that Host B does not forward all traffic to the other nets with a
higher packet size.
It is not an iptables problem, it seems like MTU in the ipsec or
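As an added illustration of the diagnosis above (this is not code from the poster or from the strongSwan project): a small parser that reads tcpdump output, picks out ICMP "need to frag" messages, and flags those whose source address lies outside the tunnel networks, since such a packet matches no IPsec policy toward the client and is sent in the clear instead of through the tunnel. It also derives the TCP MSS that would keep segments under the reported MTU. The first sample line is the one quoted on the list; the other two lines and the 10.2.0.0/16 subnet for Net B are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample tcpdump output. Line 1 is the message quoted in the
# thread; lines 2 and 3 are made up for contrast (in-tunnel source, plain echo).
SAMPLE_TCPDUMP = """\
11:59:10.227180 192.168.100.2 > 10.1.1.101: icmp: 10.3.10.10 unreachable - need to frag (mtu 1446) [tos 0xc0]
11:59:11.001000 10.2.0.1 > 10.1.1.101: icmp: 10.3.10.10 unreachable - need to frag (mtu 1446) [tos 0xc0]
11:59:12.500000 10.1.1.101 > 10.3.10.10: icmp: echo request seq 1
"""

# Networks covered by the IPsec policies. 10.1.0.0/16 and 10.3.0.0/16 are from
# the thread; 10.2.0.0/16 for Net B behind Host B is an assumption.
TUNNEL_NETS = [ipaddress.ip_network(n)
               for n in ("10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16")]

# Matches the tcpdump rendering of ICMP type 3 code 4 (fragmentation needed).
FRAG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+)\s+>\s+(?P<dst>[\d.]+):\s+icmp:\s+"
    r"(?P<target>[\d.]+)\s+unreachable\s+-\s+need\s+to\s+frag\s+\(mtu\s+(?P<mtu>\d+)\)"
)

IPV4_HDR = 20  # bytes, no options
TCP_HDR = 20   # bytes, no options


def in_tunnel(addr):
    """True if addr falls inside one of the networks the IPsec policies cover."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TUNNEL_NETS)


def parse_frag_needed(line):
    """Return a dict for a 'need to frag' line, or None for anything else."""
    m = FRAG_RE.match(line)
    if not m:
        return None
    return {
        "ts": m.group("ts"),
        "src": m.group("src"),
        "dst": m.group("dst"),
        "target": m.group("target"),
        "mtu": int(m.group("mtu")),
    }


def analyse(text):
    """Scan tcpdump text and annotate each PMTU message.

    lost_pmtu_signal is True when the ICMP source is not a tunnel address:
    the gateway then has no policy to send it through the SA to the client,
    so it leaves in the clear and the client never learns the smaller MTU.
    suggested_mss is the largest TCP payload that still fits the reported MTU.
    """
    findings = []
    for line in text.splitlines():
        rec = parse_frag_needed(line)
        if rec is None:
            continue
        rec["lost_pmtu_signal"] = not in_tunnel(rec["src"])
        rec["suggested_mss"] = rec["mtu"] - IPV4_HDR - TCP_HDR
        findings.append(rec)
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_TCPDUMP):
        status = "LOST (sent in clear)" if f["lost_pmtu_signal"] else "ok (inside tunnel)"
        print(f"{f['ts']} {f['src']} -> {f['dst']} for {f['target']}: "
              f"mtu {f['mtu']}, clamp MSS to {f['suggested_mss']}: {status}")
```

Where the script reports a lost signal, the end hosts keep sending full-size segments and RDP stalls exactly as described; the usual remedy is to clamp the TCP MSS on the gateway (or lower the MTU on the hosts) so that segments never exceed the tunnel's path MTU in the first place.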