On Thu, 21 Dec 2017, Davide Pucci wrote:
> Most likely broken path mtu discovery, see:
>
https://libreswan.org/wiki/FAQ#My_ssh_sessions_hang_or_connectivity_is_very_slow
Thank you for your answer, but I already tried any of those solutions (tried
almost every value from 1500 down to 250), without actually fixing the problem
at all.
Any other help? Keep in mind that I have other tunnels between the hosts the
one behind NAT is connecting to, and when NAT-ed host is not involved, I've no
problems at all.
One host or another has the problem with MTU. Going lower then 1300
should never be needed (and dangerous if/when using L2TP/PPP which
uses 1200 on most OSes)
You really do have a MTU issue if pings work but screens of output
freezes. It could be a problem on multiple machines. Note also that
conntrack tables might not instantly update, so you might have to
redo the tests running conntrack -F to clear the kernel state.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
