Hi List,

I'm having trouble getting an iPhone to connect to my pfSense OpenVPN installation.

On the Server, I'm seeing:
openvpn[2371]: [remote IP here]:11125 WARNING: Bad encapsulated packet length from peer (1404), which must be > 0 and <= 1300 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

While the Client says:

[certificate shown here]
issued  on    : 2013-11-28 22:02:23
expires on    : 2023-11-26 22:02:23
signed using  : RSA+SHA1
RSA key size  : 2048 bits

2013-12-04 15:33:45 TCP recv EOF
2013-12-04 15:33:45 Transport Error: Transport error on '[my dyndns name here]: NETWORK_EOF_ERROR
2013-12-04 15:33:45 Client terminated, restarting in 2...
2013-12-04 15:33:47 EVENT: RECONNECTING
2013-12-04 15:33:47 LZO-ASYM init swap=0 asym=0

I'm passing
link-mtu 1300;
mssfix 1260;

to both client and server, so I don't know where the 1404 is coming from.

What am I doing wrong? And why is it that only the iPhone has trouble connecting, while an Android phone (using another certificate, but the same settings) works fine?

If you need further info (settings, more log file excerpts), please let me know what I should post.

This is a pfSense behind another pfSense (which is set to forward TCP packets on port 1194 to the second pfSense, that has OpenVPN configured) which in turn is attached to a SoHo DSL router (which is set to forward all packets to the first pfSense WAN IP), so I'm using tcp instead of udp and the 1300 mtu setting to avoid trouble due to multiple NATing and forwarding. Worked fine for Android, just the iPhone is acting up.

IoW: [DSL]---[SoHo router]----[pfSense #1]----[pfSense #2 with OpenVPN]

-Stefan