> Hello, 
> This appears to be the same thing I have been having issues with and 
> mentioned in a post to misc last week ("Untable ssl connections over ikev2 
> VPN") - (yes, typo intact - it should be "unstable").
> I have tried adding a "max-mss 1300" directive into pf.conf (i.e.: "match in 
> all scrub (no-df random-id max-mss 1300)").
> At first, I _thought_ this made a difference, but I am not sure if that is 
> really true. 
> I have also noticed that the TLS failures seem to vary based on OS.  At this 
> point, I was able to get an https connection to work with Firefox on MacOS, 
> but the TLS handshake continues to hang (100% of the time) with Firefox on a 
> Windows 7 PC.  With an OpenBSD laptop, it seems like it sometimes works and 
> sometimes doesn't (using "openssl s_client" to test).
> I also made no changes in pf.conf or iked.conf from the working to 
> non-working period. 
> I have no idea what to do; I am just posting my observations if that helps. 
> Thanks


Glad it's just not me!!! Even if you don't know the fix, at least I now know I 
haven't gone completely crazy!

For me it's more consistent: on OSX it's a 100% hang, on Windows 10 it's a 100% hang.  
Haven't tried an OpenBSD client yet, I've been too busy putting emergency 
workarounds in place to bypass the site-to-site stuff. Will try an OpenBSD client 
though when I get a chance.

Appreciate you taking the time to email ... keep in touch !
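The thread above tests the tunnel by hand with "openssl s_client" and reports that the handshake sometimes completes and sometimes hangs. The script below is an added diagnostic example (not code from either poster) that automates that test: it repeats the TLS handshake a fixed number of times with a timeout and classifies each attempt, so "intermittent" versus "always hangs" becomes a number rather than an impression. A handshake that stalls after the TCP connect succeeded is the classic signature of a path-MTU black hole: the small ClientHello gets through, the larger ServerHello/Certificate flight does not, which is the situation a "max-mss" scrub rule is meant to work around. The host and port are whatever the reader passes in; the "silent server" is a constructed stand-in for a black-holed peer (it accepts the TCP connection and never answers) so the script can be exercised offline.

```python
"""Repeat TLS handshakes against a host and count how many complete, time out
or fail.  Added diagnostic example; the silent server is constructed for
offline testing and is not part of any real deployment."""
import socket
import ssl
import sys
import threading
from collections import Counter


def probe_tls(host, port, timeout=5.0, server_name=None):
    """One handshake attempt.

    Returns 'ok', 'timeout', 'refused' or 'error:<ExceptionName>'.  A 'timeout'
    after the TCP connect succeeded means the ClientHello went out but no
    ServerHello came back, i.e. the large server flight is being dropped.
    """
    ctx = ssl.create_default_context()
    # Diagnostics only: we care whether the handshake completes, not whether
    # the certificate validates, so verification is switched off here.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.settimeout(timeout)
            # wrap_socket() performs the handshake immediately on a connected socket
            with ctx.wrap_socket(raw, server_hostname=server_name or host):
                return "ok"
    except socket.timeout:          # alias of TimeoutError on Python 3.10+
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except (ssl.SSLError, OSError) as exc:
        return "error:%s" % exc.__class__.__name__


def run_probe(host, port, tries=10, timeout=5.0):
    """Run `tries` handshakes in sequence and return the list of outcomes."""
    return [probe_tls(host, port, timeout) for _ in range(tries)]


def summarize(results):
    """Count outcomes and turn them into a verdict on handshake stability."""
    counts = Counter(results)
    total = len(results)
    hung = counts.get("timeout", 0)
    if total == 0:
        verdict = "no data"
    elif hung == 0:
        verdict = "stable"
    elif hung == total:
        verdict = "always hangs"
    else:
        verdict = "intermittent"
    return {"total": total, "ok": counts.get("ok", 0),
            "timeout": hung, "verdict": verdict}


def start_silent_server():
    """Constructed stand-in for a black-holed server: accepts TCP connections
    on 127.0.0.1 but never sends a byte, so every TLS handshake against it
    stalls until the client's timeout fires.  Returns the listening port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    held = []

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            held.append(conn)   # keep the connection open, never reply

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    # Usage: python3 tls_probe.py <host> <port> [tries] [timeout_seconds]
    # With no arguments it probes the constructed silent server instead.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else start_silent_server()
    tries = int(sys.argv[3]) if len(sys.argv) > 3 else 5
    timeout = float(sys.argv[4]) if len(sys.argv) > 4 else 2.0
    print(summarize(run_probe(host, port, tries, timeout)))
```

Run it from each client OS in the thread against the same HTTPS host across the tunnel and compare verdicts; if the Windows client reports "always hangs" while the macOS one reports "stable", the difference is in the client's TCP/MSS behaviour rather than the server. Re-run after changing the scrub rule to see whether the timeout count actually moves.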

