[strongSwan] High latencies

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Sep 19 16:20:52 CEST 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Oh btw, you can use "tracepath" and "tracepath6" (make sure you use -n to disable resolving IP addresses to DNS names. Takes unnecessary amounts of time).

On 19.09.2017 16:16, Noel Kuntze wrote:
> > Usage of the MSS target in iptables, usage of kernel-netlink.mtu or of MTUs on the routes in the routing tables (check `ip route get` to find what route a packet would take to some destination). > You break PMTU discovery if you don't accept ctstate RELATED or drop ICMP before accepting ctstate RELATED. > > On 19.09.2017 16:05, Turbo Fredriksson wrote: > > On 19 Sep 2017, at 14:57, Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting> wrote: > >> Did you fix the MSS? Is the MTU on the tunnel correct? Did you maybe break PMTU discovery? > > Not sure, can’t remember… How do I check? > -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEENSSTvrX3jmMTcq8t9U7kCwc5rWwFAlnBJ8MACgkQ9U7kCwc5
rWwJNRAAkWBERKRy7nZPxqMH9pLLaIlFNLNJcjeY9xqtWBIMG292Ep9+As4izi4A
24vIEGJy6v867Xpk8lHsGj/bJeU7jRLR97lfQ8/iZRTCezwFZxFeoe36CsmmM0vI
iZNjiECGcogD1EgZh2e3VnyXgnMW9kAlnxeTJZ+obIU4vNKFhXzoBeJ6v7AoBa9g
iHmMAMoyvYyfqVpTusb9m2JCu0NW0m/yMgfBmCZ+LY77BhgwgKwKpZx+p28RRSg6
p9a4OsdngLXGlK8i9mXYF7hIAg6he6Ziy+cQUgq3AFaS9uBN++ZSHHHeuUj43X+r
t8rB9jMn9eMDgjJVh4f39G6PpJuMyW71HmVlcdaMCGnB2pLnotDxZTiH1Npc13qR
T5iBrNEH27uEqzVSRibsVFvIwk1QfISFk7YB33s/6UKCApuPbLIZW4zUukwzby9F
vfwj9YDgLYo6CkDN6RfwRfe3P+PSn9d6vkm3r1MlPG7dK/IzcMuoui9YK1j4DoB9
PA2jZvFQxhZVvPHQJQpL4H5maY1j3dYj4/Eus125c+MAWjzzxr0HbcomI9f62R79
S6ZWY5xgFui2YI+9NHShJethm63hkSYCdMMGIXPqwAaWwBrg/bytokWqVQxURH5E
6/QYkPmeNWtiY8T7Gk82iK9X1Zi8+FyeoNunWKwzLjAuMlAVOK4=
=+iJg
-----END PGP SIGNATURE-----



More information about the Users mailing list