[strongSwan] Cannot connect to IPsec gateway in a roadwarrior scenario because of large packet lengths

Олег Пруц olegp04728 at gmail.com
Sat Sep 23 17:09:47 CEST 2017

Hello strongSwan team,

Thank you for your great job. You are enabling user privacy and internet
freedom for people really concerned with this. As for me, this is my use
case: I purchased an AWS instance with Ubuntu 16.04.2 and installed strongSwan
on it, so I was successfully connecting from my home computer to it and was
able to bypass restrictions.

However, as I have to use another network now, the connection is no longer
being established. I did IP packet captures both on the server and on my
machine and found out that the server fragments packets and sends packets
with a size larger than my MTU during key exchange. I set the server MTU to
1000, but fragmentation is still there, and fragmented packets do not pass
to my machine. It seems to be an issue with my new ISP, which does not
handle fragmented packets.

I can supply the captures if necessary.

Oleg Prutz
