On Tue, May 13, 2008 at 6:47 AM, Jure Pečar <[EMAIL PROTECTED]> wrote: > > > I solved office1 to office2 with openvpn, now I want to figure out the > problem between office1 and servers. > > I monitored the ipsec logs on both pfsenses at the time when ssh session > freezes and nothing shows up in the logs. The interesting thing is that > sometimes it freezes and never recovers, while at other times it recovers > after a minute or so and spits out the remaining text of dmesg output. > > Any ideas? >
FreeBSD (hence pfSense) creates PMTUD black holes with IPsec. Hence large packets just disappear and you see things like SSH sessions freeze. Work around with current pfSense releases is to lower the MTU of your hosts to 1400 or so. There will be a real fix for it available for 1.2.1, now that FreeBSD has fixed the issue.
