[strongSwan] road warrior MTU issues (IPv4)
Modster, Anthony
Anthony.Modster at Teledyne.com
Wed Dec 11 23:29:51 CET 2019
These are the providers that have MTU issues for us.
- Panasonic
- BoardConnect/Inmarsat
- Verizon
- Vodafone
-----Original Message-----
From: Users <users-bounces at lists.strongswan.org> On Behalf Of Harald Dunkel
Sent: Wednesday, December 11, 2019 2:09 PM
To: users at lists.strongswan.org
Subject: Re: [strongSwan] road warrior MTU issues (IPv4)
---External Email---
On 12/11/19 10:39 PM, Harald Dunkel wrote:
> Hi folks,
>
> apparently the MacOS road warriors have to manually adjust the MTU on
> ipsec0 to 1280 in some networks, e.g. if the IP provider is
> Unitymedia, or if they travel in an ICE of Deutsche Bahn and use the free Wifi.
> Without *sudo ifconfig ipsec0 mtu 1280* their IPsec connection appears
> to be broken.
>
> Problem is, setting the MTU on MacOS is not persistent. On the next
> IPsec connection MacOS has lost the adjusted MTU and goes with the
> default 1400 again.
>
> Since the peer runs Strongswan on Linux, I wonder if there is
> something that can be done on this side? Is this purely MacOS' fault
> for not fragmenting payload accordingly?
>
PS: I found
https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling#MTUMSS-issues
after sending this, but AFAIU reducing the mss affects outgoing TCP traffic only.
Regards
Harri
More information about the Users
mailing list