[strongSwan] IP Fragmentation problems on some websites

Mark M mark076h at yahoo.com
Sat Jul 21 19:14:55 CEST 2012


I got my strongSwan gateway up and running. It is sitting behind my FIOS router and acting as VPN gateway for roadwarrior/mobile clients. I thought everything was working great until i noticed that some websites do not load. The first one i found was yahoo.com. I fired up Wireshark and noticed when i receive packets back from yahoo.com my strongSwan gateway sends Fragmentation needed ICMP messages back. 

Setting the MTU on my strongSwan gateway interfaces had no effect. I then set the MTU on my verizon FIOS router to 1400 and some pages would start to work ok, like yahoo.com would start to work but still others would not with the same fragmentation problem.

Instead of putting the MTU on my FISO router way down and possibly have other performance problems, is there an easy way to fix this? 

Thanks for any help,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120721/39188899/attachment.html>

More information about the Users mailing list