[strongSwan] Troubles with some websites depending on ISP via Strongswan VPN

Kevin Olbrich ko at sv01.de
Sat Jul 21 09:06:59 CEST 2018


Sounds like MTU problems... We had to set PMTU on our gateways to help with
the process.

https://www.linuxtopia.org/Linux_Firewall_iptables/x4700.html

Feedback is welcome, interested if this could be the problem.

Kevin


2018-07-20 17:51 GMT+02:00 Ahammerl <ahammerl at googlemail.com>:

> Hi,
>
> Connecting via Strongswan VPN, using XAuth PSK, I have troubles visiting
> some websites (which don't seem to be blocking any IP in general). Could
> there be an issue with the route containing virtual host hops which are not
> available with all ISPs?
>
> In my test, I connect one time to the VPN with telekom ISP, another time
> with a regional ISP. both connect well without problems and can visit most
> websites incl. google, whatsmyip.com etc. properly, which confirms the
> VPN IP with success.
> However, trying to visit e.g. www.ip8.com, the 2nd connection is failing.
>
> For comparison, with OpenVPN on the same server, it's working with both
> ISPs OK, visiting ip8.com without troubles. With Strongswan VPN as
> alternative, it fails to connect with the 2nd.
> Next, I compared the route with traceroute and mtr via Strongswan VPN.
> This looks OK and it's the same route as I have when trying to connect from
> the VPN server itself to the website.
>
> Is there a known issue or do you have a hint how to resolve this by
> configuration changes, if possible..?
>
> Thank you!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180721/10fc4add/attachment-0001.html>


More information about the Users mailing list