[strongSwan] Services unreachable after first connection
Tobias Brunner
tobias at strongswan.org
Fri Jun 5 10:12:16 CEST 2020
Hi Tas,

> Do you think this strange behaviour can be caused by our strongswan
> configuration?

One thing that comes to mind in regards to TCP over IPsec are MTU/MSS
issues [1]. But those would only have an effect on larger transmits,
not on the initial TCP handshake. That is, you should be able to create
a new TCP connection even after another stalled. If that's not the
case, some firewall or routing issue could be the culprit (or a problem
with the IPsec tunnel on the other end).

By the way, you'll never see outbound plaintext traffic (e.g. a TCP SYN)
in tcpdump [2].

Regards,
Tobias

[1] https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling#MTUMSS-issues
[2] https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#Capturing-outbound-plaintext-packets-with-tcpdumpwireshark
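
Added example, not part of the message above and not strongSwan code: the ESP tunnel-mode size arithmetic behind the MTU/MSS remark, showing why a TCP SYN always fits through the tunnel while a full-size segment does not. Assumptions: IPv4 inner and outer headers, a 1500-byte path MTU, and two illustrative cipher suites; all function and constant names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class EspProfile:
    name: str      # illustrative suite label (assumption, not taken from the thread)
    iv_len: int    # per-packet IV bytes
    align: int     # padding alignment of the encrypted payload
    icv_len: int   # integrity check value bytes

AES_CBC_SHA256 = EspProfile("aes128-sha256", iv_len=16, align=16, icv_len=16)
AES_GCM16 = EspProfile("aes128gcm16", iv_len=8, align=4, icv_len=16)

OUTER_IP = 20     # outer IPv4 header
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad length + next header
UDP_ENCAP = 8     # UDP header added by NAT traversal
INNER_HDRS = 40   # inner IPv4 + TCP headers, no options

def _fixed(p, nat_t):
    return OUTER_IP + (UDP_ENCAP if nat_t else 0) + ESP_HDR + p.iv_len + p.icv_len

def esp_packet_size(inner_len, p, nat_t=False):
    """On-wire size of an inner packet after ESP tunnel-mode encapsulation."""
    padded = -(-(inner_len + ESP_TRAILER) // p.align) * p.align  # round up
    return _fixed(p, nat_t) + padded

def max_inner_packet(path_mtu, p, nat_t=False):
    """Largest inner packet whose ESP packet still fits into path_mtu."""
    room = (path_mtu - _fixed(p, nat_t)) // p.align * p.align    # round down
    return room - ESP_TRAILER

def max_mss(path_mtu, p, nat_t=False):
    """Largest TCP MSS that avoids fragmentation of the ESP packets."""
    return max_inner_packet(path_mtu, p, nat_t) - INNER_HDRS

def fits(inner_len, path_mtu, p, nat_t=False):
    return esp_packet_size(inner_len, p, nat_t) <= path_mtu

if __name__ == "__main__":
    mtu = 1500  # constructed sample value
    for prof in (AES_CBC_SHA256, AES_GCM16):
        for nat_t in (False, True):
            print(f"{prof.name:14} nat_t={nat_t!s:5} "
                  f"SYN(60B) fits={fits(60, mtu, prof, nat_t)} "
                  f"full(1500B) fits={fits(1500, mtu, prof, nat_t)} "
                  f"max MSS={max_mss(mtu, prof, nat_t)}")
```

A handshake that fails even though the SYN is far below these limits points away from MTU/MSS and towards the firewall, routing or remote-tunnel causes named in the reply.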