[strongSwan] road warrior MTU issues (IPv4)
Harald Dunkel
harri at afaics.de
Wed Dec 11 23:08:45 CET 2019
On 12/11/19 10:39 PM, Harald Dunkel wrote:
> Hi folks,
>
> apparently the MacOS road warriors have to manually adjust the MTU on
> ipsec0 to 1280 in some networks, e.g. if the IP provider is Unitymedia,
> or if they travel in an ICE of Deutsche Bahn and use the free Wifi.
> Without *sudo ifconfig ipsec0 mtu 1280* their IPsec connection appears
> to be broken.
>
> Problem is, setting the MTU on MacOS is not persistent. On the next
> IPsec connection MacOS has lost the adjusted MTU and goes with the
> default 1400 again.
>
> Since the peer runs Strongswan on Linux, I wonder if there is something
> that can be done on this side? Is this purely MacOS' fault for not
> fragmenting payload accordingly?
>
PS: I found
https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling#MTUMSS-issues
after sending this, but AFAIU reducing the mss affects outgoing TCP traffic
only.
Regards
Harri
More information about the Users
mailing list