On 04/25/2016 06:13 PM, Marc Peters wrote:
On 04/25/16 at 16:00, lilit-aibolit wrote:
Hi list.
I have a typical site-to-site IPsec tunnel.
On rare occasions users got an infinite loop in their browser
while opening web sites on the opposite endpoints; however,
at the same time ping works well from one network to the other.
An SSH connection to remote hosts looks like you have almost
entered, but it freezes and you can only interrupt the connection.
I had similar issues some years ago with branch offices and a simple
"""
match in all scrub (random-id no-df)
"""
in the /etc/pf.conf on each host solved this for me (the no-df part was
the important bit).
HTH,
Marc
Thanks for your answer.
I already have this line in pf.conf on all machines:
>>match in all scrub (no-df)<<