[strongSwan] road warrior MTU issues (IPv4)

Modster, Anthony Anthony.Modster at Teledyne.com
Wed Dec 11 23:29:51 CET 2019


These are the providers that have MTU issues for us.

- Panasonic 
- BoardConnect/Inmarsat 
- Verizon
- Vodafone

-----Original Message-----
From: Users <users-bounces at lists.strongswan.org> On Behalf Of Harald Dunkel
Sent: Wednesday, December 11, 2019 2:09 PM
To: users at lists.strongswan.org
Subject: Re: [strongSwan] road warrior MTU issues (IPv4)

---External Email---

On 12/11/19 10:39 PM, Harald Dunkel wrote:
> Hi folks,
> 
> apparently the MacOS road warriors have to manually adjust the MTU on
> ipsec0 to 1280 in some networks, e.g. if the IP provider is 
> Unitymedia, or if they travel in an ICE of Deutsche Bahn and use the free Wifi.
> Without *sudo ifconfig ipsec0 mtu 1280* their IPsec connection appears 
> to be broken.
> 
> Problem is, setting the MTU on MacOS is not persistent. On the next 
> IPsec connection MacOS has lost the adjusted MTU and goes with the 
> default 1400 again.
> 
> Since the peer runs Strongswan on Linux, I wonder if there is 
> something that can be done on this side? Is this purely MacOS' fault 
> for not fragmenting payload accordingly?
> 

PS: I found

https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling#MTUMSS-issues

after sending this, but AFAIU reducing the mss affects outgoing TCP traffic only.


Regards
Harri


More information about the Users mailing list