[strongSwan] Tunnel over [slow] GPRS link

Rene Maurer rmnet at mailc.net
Fri Apr 28 10:06:29 CEST 2017


Hello

I have strongSwan 5.3.0 installed on an embedded Linux system with
Kernel 3.14.43.

The embedded system has three network interfaces:
1. eth0 => connected to my local network (10.4.48.0/20).
2. eth1 => connected to the Ethernet (DHCP) if cable plugged in.
3. ppp0 => connected to the Ethernet using UMTS/GPRS when modem is on.

The Linux box builds a tunnel to a MOXA switch on the remote
site using the road warrior scenario.

Working case:
Connected to the Ethernet via eth1 (GPRS modem powered down) and
everything is routed between eth0 and eth1. The tunnel comes up
without any problems. ping between the local networks on both sites
is working.

Not-working case:
Connected to the Ethernet via ppp0 (GPRS enabled, eth1 down) and
everything is routed between eth0 and ppp0.
The tunnel doesn't come up (ikev2_auth[I] messages are not answered
by the remote site). ipsec and strongSwan configuration is *exactly*
the same as in the working case.

It is not clear to me in which direction I should go to solve the
problem:

Is there a general problem when using GPRS (or UMTS) connections?

Is connection speed relevant?

Is fragmentation involved? Should/must it be disabled or enabled when
using slow (and maybe not stable) connections?

Are there any timing parameters in strongSwan we can change to achieve
a more robust behavior?

Is it better to use "aggressive mode"?

Best regards
René

