[strongSwan] High latencies

Tue Sep 19 16:16:41 CEST 2017

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Usage of the MSS target in iptables, usage of kernel-netlink.mtu or of MTUs on the routes in the routing tables (check `ip route get` to find what route a packet would take to some destination).
You break PMTU discovery if you don't accept ctstate RELATED or drop ICMP before accepting ctstate RELATED.

On 19.09.2017 16:05, Turbo Fredriksson wrote:
> On 19 Sep 2017, at 14:57, Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting> wrote: > >> Did you fix the MSS? Is the MTU on the tunnel correct? Did you maybe break PMTU discovery? > > Not sure, can’t remember… How do I check? -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEENSSTvrX3jmMTcq8t9U7kCwc5rWwFAlnBJsgACgkQ9U7kCwc5
rWylvA/+MI8o4EiFQUqsyxtJw/fX72JuPBURz1/DDdcmTti7HpYBJxckIaC8xDA0
mn0KyYQnIIr1unDSS47iHCNL0ksYI6iHd8V/1rjGgsHF3cCpUAeFOPCPHuXTtUQU
3ouEg3rUDU7CT5zyVvLcJddXqagckV7FOnWunrXcswtrDZKGKMbPza5msOBH/i4v
jGCK5Sx+S9donoEa2ehFfOoh8eTcyts3wrewEvTyPZ7J5Yq5IzLo4wnYwley3uth
bildIdu+CY7q2v7SWnUPTEC3CcyGqK8gA/X6XgmQU/o8xCy72jCaXIVp2N2F65pt
gfe+nxN3GlX8b0YlHGZ4Dp/jI/cn1nbleaTYA+ayFxN7jfoVSG+qwQkPxFJ5uVzq
eelXrHRMinJRuEScK/eHIPho8KKA14xxPIL46v1ZtHNKZv6ZSjVdaeFUa1ZHdbbk
XYT01t0/e1PZjhWN3haFZP+CAXT//RcU7s0zbe7fmfWXPwuAZI7eHSFlOUP6Ex2D
ISEZlrLT+V9leY0LKVm1y4IjH1L/3GawA8PJS3tnmXhX8LOqVqpA2f/arsFWaWNb
HtLjy0abS8GXNaTB3YCOm1OTwGb//EaamdVn6ZWk4R+yqp9dXJ9vCztjC6C6Nb3J
gg4/itBeBz6WODT4VOXFnyGYcw8JOfYjJdlkp3w9+KyfFBpGSEI=
=PRk8
-----END PGP SIGNATURE-----