Simple setup...shown below:
Server:
conn rw
leftsubnet=192.168.1.0/24
leftcert=StrongSwanHostCert.pem
right=%any
rightsourceip=192.168.1.11
auto=add
Client
conn rw
leftsourceip=192.168.1.11
leftcert=mycert.pem
right=ext.ip
ri
Hello Volker,
I tried "fragmentation=yes" before, but in specific connection section, not in
%default, and it didn't make any effect. Now in %default section it solved my
problem.
Now I have enough evidence and knowledge to troubleshoot network together with
hoster tech support.
Thanks a lot !
Hi Denis,
Hello,
my previous suggestion was wrong. I've compared tcpdumps on working and
non-working hosts again, and found that in broken case client continues to
re-send this packed to server:
19:53:09.673551 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP
(17), length 1212)