[strongSwan] Cannot connect to IPsec gateway in a roadwarrior scenario because of large packet lengths
Олег Пруц
olegp04728 at gmail.com
Mon Aug 28 03:41:14 CEST 2017
Hello strongSwan team,
Thank you for your great job. You are enabling user privacy and internet
freedom for people really concerned with this. As for me, this is my use
case: I purchased AWS instance with Ubuntu 16.04.2 and installed strongSwan
on it, so I was successfully connecting from my home computer to it and was
able to bypass restrictions.
However, as I have to use another network now, the connection is not
establishing anymore. I did IP packet captures both on the server and on my
machine and found out that the server fragments packets and sends packets
with size larger than my MTU during key exchange. I set server MTU to be
1000, but fragmentation is still there, and fragmented packets do not pass
to my machine. It seems to be an issue with my new ISP which does not
handle fragmented packets. Here are the captures after setting smaller MTU
size.
I hope you will provide some hints.
Regards,
Oleg Prutz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170828/dabac969/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: client.png
Type: image/png
Size: 129503 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170828/dabac969/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: server.png
Type: image/png
Size: 136847 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170828/dabac969/attachment-0003.png>
More information about the Users
mailing list