[strongSwan] IPsec vs Unitymedia

Harald Dunkel harri at afaics.de
Thu Jun 1 18:22:59 CEST 2017


Hi folks,

there are some rumors on Google that IPsec connections
to Apple devices are distorted, if the IP provider is
Unitymedia. Some say, Unitymedia sets the ECN bits on
the IP traffic without looking, and the IPsec implemen-
tation on MacOS/Ios is supposed to drop these packages,
according to

https://tools.ietf.org/html/rfc3168#section-9.1.1

(if I got this correctly).

Can anybody confirm or deny? I don't have Unitymedia at
home, but several colleagues complain that they cannot
establish a stable connection to our Strongswan gateway
in the office. All use Unitymedia.


Every helpful comment is highly appreciated
Harri



More information about the Users mailing list