Hi,

I'm not sure about this, but I think there are some other posts in the mailing list about that. I had this problem too a while ago and I solved it as you did. But you can use iptables with MSS clamp like this at your side:

# iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128

Best wishes

On Thu, Feb 21, 2013 at 6:03 PM, kgardenia42 <[email protected]> wrote:
> Hi,
>
> I have a recurring problem whereby when connected to strongswan 5.0.2
> in AWS (same client version) I can't do:
>
> curl http://www.2600.com
>
> It just stalls/blocks on the client side and never returns. I'm not
> sure what it is about that site. Generally all other sites work fine.
> I have seen the same thing on multiple installs.
>
> When I tcpdump on the server side I can see lots of spinning packets
> that look like this:
>
> 14:29:03.782376 IP <aws hostname > 207.99.30.226: ICMP <aws hostname>
> unreachable - need to frag (mtu 1422), length 556
>
> When I set the MTU on my (Ubuntu) client machine down from 1500 to
> 1400 this goes away.
>
> It isn't an option to tell users to change MTU on their client
> machines. Is there some configuration setting I need to use here to
> avoid this? either within or external to strongswan.
>
> Thanks,
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users
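
Added example, not part of either message in this thread: Python that reads tcpdump output in the format quoted above, extracts the MTU from each ICMP "need to frag" message, and derives the value to pass to --set-mss. The capture and its addresses are constructed, and the 40-byte header figure assumes IPv4 and TCP headers without options.

```python
import re

# Constructed capture in the format of the tcpdump line quoted in the thread.
# The addresses are documentation ranges, not values from the thread.
SAMPLE = """\
14:29:03.782376 IP 198.51.100.7 > 203.0.113.10: ICMP 198.51.100.7 unreachable - need to frag (mtu 1422), length 556
14:29:03.901112 IP 203.0.113.10.80 > 198.51.100.7.51514: Flags [.], seq 1:1449, ack 78, win 227, length 1448
14:29:04.120045 IP 198.51.100.7 > 203.0.113.10: ICMP 198.51.100.7 unreachable - need to frag (mtu 1422), length 556
14:29:05.300500 IP 198.51.100.7 > 203.0.113.10: ICMP 198.51.100.7 unreachable - need to frag, length 36
"""

FRAG_NEEDED = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): ICMP \S+ unreachable - need to frag"
    r"(?: \(mtu (?P<mtu>\d+)\))?"
)
IPV4_HEADER = 20   # bytes, assuming no IP options
TCP_HEADER = 20    # bytes, assuming no TCP options
MIN_IPV4_MTU = 68  # smallest MTU an IPv4 link must support (RFC 791)


def frag_needed(text):
    """Return (destination, mtu or None) for every ICMP frag-needed line."""
    events = []
    for line in text.splitlines():
        m = FRAG_NEEDED.search(line)
        if m:
            mtu = m.group("mtu")
            events.append((m.group("dst"), int(mtu) if mtu else None))
    return events


def smallest_path_mtu(events):
    """Smallest plausible MTU reported, or None if no line carried one."""
    mtus = [mtu for _, mtu in events if mtu is not None and mtu >= MIN_IPV4_MTU]
    return min(mtus) if mtus else None


def mss_for_mtu(mtu):
    """Largest TCP payload that fits in one IPv4 packet of size mtu."""
    return mtu - IPV4_HEADER - TCP_HEADER


def clamp_rule(mss):
    """Fixed-value form of the rule given in the reply above."""
    return ("iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN "
            f"-j TCPMSS --set-mss {mss}")


if __name__ == "__main__":
    mtu = smallest_path_mtu(frag_needed(SAMPLE))
    print(clamp_rule(mss_for_mtu(mtu)) if mtu else "no MTU reported")
```
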
