Hi,

Maybe you should use the FORWARD chain, i.e.

    iptables -t mangle -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1300

On Fri, Jan 18, 2013 at 12:35 PM, steven liu <[email protected]> wrote:
> Thanks. We already tried to set TCP MSS to 1300 by the following commands. But
> we still have the same problem.
>
> iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --set-mss 1300
>
> iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --clamp-mss-to-pmtu
>
> On Fri, Jan 18, 2013 at 12:09 PM, steven liu <[email protected]> wrote:
>>
>> Dear All,
>>
>> We have set up an ipsec vpn tunnel between an iphone and a strongswan vpn
>> server by following the strong wiki guide. It works if we use iphone to
>> access http website. But iphone cannot access any https website. We also use
>> wireshark to capture packets in the strongswan vpn server. It shows some
>> "TLS Encrypted Alert" packets. Any help much appreciated!
>>
>> Tks.
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users
