[strongSwan] Some sites don't load or timeout because of IP fragmentation problems

Mark M mark076h at yahoo.com
Mon Mar 9 02:32:47 CET 2015


I have a strongSwan server up and running behind my home Verizon FiOS router and have my phone with the Android client using a virtual IP connecting to it and sending all traffic to the server and having the server send the traffic back out my internet connection. The setup looks like this: Android client > Verizon router forwarded to strongSwan server > strongSwan server sends requests out to the internet > sends back to Android client over tunnel.
Everything works great except that a lot of websites do not load, or start to load and then time out. This has something to do with IP fragmentation not working. In Wireshark, I see the strongSwan server sending ICMP destination unreachable (Fragmentation needed) back to the servers that are timing out. I was running a strongSwan server a few years back and had the same problem. The solution was to change the MTU on my Verizon router to 1400 and it fixed most of the fragmentation problems, but some sites still had this issue.
I still think something is broken with this and can be fixed without setting the MTU. I think path discovery or something like that is broken somewhere, possibly with the strongSwan server.
Does anyone know how to fix this issue?
Thanks,
Mark-