[strongSwan] Server Not Decrypting on a Cellular Connection
Tobias Brunner
tobias at strongswan.org
Wed Jul 18 16:34:48 CEST 2018
Hi Jody,
> I’m having an issue where Strongswan is unable to decrypt websites or serve email to a cell phone that is connected to the VPN of said server via a cellular connection. However, when the phone is connected to the VPN via WiFi, the VPN is able to serve the websites and email just fine. Is there a reason as to why a Cellular connection to the server/VPN would result in the connection not decrypting it’s own websites and email to the device?
>
> BTW - all other traffic thru the VPN works just fine on a cellular connection.
Could be due to a lower MTU over cellular connections vs. WiFi. That
might cause all kinds of problems with PMTUD, IP fragments etc. A
possible workaround for this is using MSS clamping, have a look at [1]
for some pointers.
Regards,
Tobias
[1]
https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling#MTUMSS-issues
More information about the Users
mailing list