[strongSwan] Server Not Decrypting on a Cellular Connection

Tobias Brunner tobias at strongswan.org
Wed Jul 18 16:34:48 CEST 2018

Hi Jody,

> I’m having an issue where Strongswan is unable to decrypt websites or serve email to a cell phone that is connected to the VPN of said server via a cellular connection. However, when the phone is connected to the VPN via WiFi, the VPN is able to serve the websites and email just fine. Is there a reason as to why a Cellular connection to the server/VPN would result in the connection not decrypting it’s own websites and email to the device?
> BTW - all other traffic thru the VPN works just fine on a cellular connection.

Could be due to a lower MTU over cellular connections vs. WiFi.  That
might cause all kinds of problems with PMTUD, IP fragments etc.  A
possible workaround for this is using MSS clamping, have a look at [1]
for some pointers.



More information about the Users mailing list