[strongSwan] road warrior MTU issues (IPv4)

Modster, Anthony Anthony.Modster at Teledyne.com
Wed Dec 11 22:42:34 CET 2019

Let use know the answer to this

We also have the same problem on some networks (were are using an embedded system).

-----Original Message-----
From: Users <users-bounces at lists.strongswan.org> On Behalf Of Harald Dunkel
Sent: Wednesday, December 11, 2019 1:39 PM
To: users at lists.strongswan.org
Subject: [strongSwan] road warrior MTU issues (IPv4)

---External Email---

Hi folks,

apparently the MacOS road warriors have to manually adjust the MTU on
ipsec0 to 1280 in some networks, e.g. if the IP provider is Unitymedia, or if they travel in an ICE of Deutsche Bahn and use the free Wifi.
Without *sudo ifconfig ipsec0 mtu 1280* their IPsec connection appears to be broken.

Problem is, setting the MTU on MacOS is not persistent. On the next IPsec connection MacOS has lost the adjusted MTU and goes with the default 1400 again.

Since the peer runs Strongswan on Linux, I wonder if there is something that can be done on this side? Is this purely MacOS' fault for not fragmenting payload accordingly?

Every helpful comment is highly appreciated.


More information about the Users mailing list