[strongSwan] https website problem
Emanuil Hristov
int986 at gmail.com
Fri Jan 18 11:56:39 CET 2013
Hi,
may be you should use FORWARD chain i.e.
iptables -t mangle -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j
TCPMSS --set-mss 1300
On Fri, Jan 18, 2013 at 12:35 PM, steven liu <stevenliu88 at gmail.com> wrote:
> Thanks. We already tried to set TCP MSS to 1300 by following commands. But
> we still has the same problem.
>
> iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j
> TCPMSS --set-mss 1300
>
>
> iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j
> TCPMSS --clamp-mss-to-pmtu
>
>
> On Fri, Jan 18, 2013 at 12:09 PM, steven liu <stevenliu88 at gmail.com> wrote:
>>
>> Dear All,
>>
>> We have set up an ipsec vpn tunnel between an iphone and a strongswan vpn
>> server by following the strong wiki guide. It works if we use iphone to
>> access http website. But iphone cannot access any https website. We also use
>> wireshark to capture packets in the strongswan vpn server. It shows some
>> "TLS Encrypted Alert" packets. Any help much appreciated!
>>
>> Tks.
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
More information about the Users
mailing list