On Wed, 20 Dec 2017, Davide Pucci wrote:
I need your help as I'm facing several issues without some Swan IPsec tunnels:
they all are built between a NAT-ed
host (running openswan) and a publicly exposed one (running libreswan).
I can always reproduce the issue by executing "for i in {0..30}; do ps ax; done" or
"dd if=/dev/urandom bs=10M": it
seems that if I run commands with large outputs tunnel goes down.
The first - behind NAT - host has the configuration file attached as
h1-to-h2.conf; similarly, the latter, the one
named h2-to-h1.conf.
Most likely broken path mtu discovery, see:
https://libreswan.org/wiki/FAQ#My_ssh_sessions_hang_or_connectivity_is_very_slow
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
