[strongSwan] Tunnel over [slow] GPRS link
Alexander Hill
alex at hill.net.au
Mon May 1 19:59:54 CEST 2017
Hi René,
It sounds like an issue with that provider's network configuration rather
than with the bandwidth or latency.
Try lowering MTU/MSS with either the charon.plugins.kernel-netlink.mss/mtu
settings or via iptables.
https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling#MTUMSS-issues
I have many devices out in the field on different networks out of my
control, and lowering MSS (in my case via the kernel-netlink plugin
settings) fixed very similar problems I was having at some sites.
Cheers,
Alex
On Mon, 1 May 2017 at 21:48 Rene Maurer <renemaur at gmail.com> wrote:
> Hello Noel
>
> > set net.ipv4.ip_no_pmtu_disc=1
>
> Doesn't help.
>
> > Try to enable IKE fragmentation, if you can, by setting
> "fragmentation=yes".
> > That will enable fragmentation if the remote peer supports it.
>
> Fragmentation isn't supported by the peer AFAIK.
>
> > The problem is that the message gets lost (or not answered by the remote
> peer).
>
> I have now tried 4 different SIM cards (different providers and/or
> services).
>
> There is only one provider/service (unfortunately the one I have used more
> than a
> week now) which doesn't work. The rest works, i.e. my tunnels come up
> without
> problems so far!
>
> Summarized I can say the tunnel works with Ethernet and at least with
> three different
> Mobile providers/services. I doesn't work with one provider. I don't have
> access to
> other providers/services right now.
>
> I will try to get information about the subject from this provider (which
> will be
> complicated I suppose).
>
> The outstanding quality of your feedback helps a lot.
> Thank you very much!
>
> Kind regards,
> René
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170501/0e38fa79/attachment.html>
More information about the Users
mailing list