[strongSwan] High latencies

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Sep 19 17:00:45 CEST 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Check the tcp metrics (ip tcp_metrics) and look at the MSS.

On 19.09.2017 16:57, Turbo Fredriksson wrote:
> This is spooky!! > > I ran > > ip link set dev eth0 mtu 1500 > > on all instances in the chain. Then run > > iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu > iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128 > > on both the VPN instances. > > Still didn’t work. > > I then reverted all that, set the MTU on the interface BACK to 9001 on > all the instances AND deleted those iptable rules - s/-A/-D/g, and all of > a sudden it worked!! > > Very spooky! -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEENSSTvrX3jmMTcq8t9U7kCwc5rWwFAlnBMRwACgkQ9U7kCwc5
rWyFfBAAtfCIhBSsDXaMC6iujgW9i4AN8E37Bn2mACUQS0Z3jUlv1tYP7e5q+Jsr
E5v6Vh6ZMRwx4qk/mMBB6GqaaggpBFQOglnaF+bAK3lcdEl1adrFsnkUjpomZf4a
MjKty84vLytK7qRTuegHmg4cRS0qM6EONMD5FddcgbkMsi7P+LLbjkYy5cX2r5UC
tOXmcy3ribjp0mr49gIQGLC1Lf/S7cdOs2mXTcCWxnB0j0UB/X6K38SdAMBXatIC
4SsNLNHbjkLMXhOcy6vvKGZpnfeEBgbmDLw7zRYkHhsDsCGhhqT9xWJc19U6ZpGe
+mPANtJTeytPPWTMYzErNVoEo9asLtwUveEA3NHY47Q5DxFRFVx7qpjqcI8co4w9
CrqElRMo3abEbVXLQ2B4spvpEdlTIdvMS9XW7rJQPEOkurmDv7UjJof828x6Pv+J
EcQT0gUvi6QcaD3w7BiK4Jr43cUIrWCtP5OuMTKDHb4tw2yICxMUJZRXKlX1nhBv
0RHpLh7DI5z3kEcbmMUBV1Yn3a9rVsneIljOm7HkWEoJ+Q7gjTTyThmeO8uHhkCx
aj+ts7Wzpie4pygxD5FoMRShZQ9/dbhz51+l4amV3YJeB4MwmGz/KqjTcc0HxM38
PIp7Hk/TFU7bAm2AZDNDv2HOSWRBUSoclEpjNjWrLr4jf7FAITg=
=dVpj
-----END PGP SIGNATURE-----



More information about the Users mailing list