[strongSwan] Tunnel over [slow] GPRS link
rmnet at mailc.net
Fri Apr 28 10:06:29 CEST 2017
I have strongSwan 5.3.0 installed on a embedded Linux system with
The embedded system has three network interfaces:
1. eth0 => connected to my local network (10.4.48.0/20).
2. eth1 => connected to the Ethernet (DHCP) if cable plugged in.
3. ppp0 => connected to the Ethernet using UMTS/GPRS when modem is on.
The Linux box builds a tunnel to a MOXA switch on the remote
site using the road warrior scenario.
Connected to the Ethernet via eth1 (GPRS modem powered down) and
everything is routed between eth0 and eth1. The tunnel comes up
without any problems. ping between the local networks on both sites
Connected to the Ethernet via ppp0 (GPRS enabled, eth1 down) and
everything is routed between eth0 and ppp0.
The tunnel doesn't come up (ikev2_auth[I] messages are not answered
by the remote site). ipsec and strongSwan configuration is *exactly*
the same as in the working case.
It is not clear for me in which direction I should go to solve the
Is there a general problem when using GPRS (or UMTS) connections?
Is connection speed relevant?
Is fragmentation involved? Should/must it be disabled or enabled when
using slow (any maybe not stable) connections?
Are there any timing parameters in strongSwan we can change to achieve
a more robust behavior?
Is it better to use "aggressive mode"?
More information about the Users