-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Tobias,
I tried the iptables commands on the VPN endpoint, which SNATs the connections to the internet, but that didn't work. What worked was doing it on the VPN initiator in my LAN, which connects to the internet over the other endpoint. No idea why only that works. Thanks! Regards, Noel Kuntze GPG Key id: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 22.08.2014 um 10:29 schrieb Tobias Brunner: > Hi Noel, > >> Is there a way to limit the mss that is encapsulated into the ESP packets >> and/or cause fragmentation on either of the endpoints? > > You can do so via iptables [1] or the patches at [2]. > > Regards, > Tobias > > [1] http://lartc.org/howto/lartc.cookbook.mtu-mss.html > [2] https://wiki.strongswan.org/issues/632#note-14 > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJT9wNkAAoJEDg5KY9j7GZY+pkP/REYNAEw9Z5HFOUSfO7FR4eq CYVC3a36FH9HIdV+47h3skmhUOJHnH75OB6tx5qHsNZ+AM8d98Rsd/GdhAdojhs7 QX7MLeiHk52NoOC/Me4i5RQxMcLDg7Juy3D0hYQX0/96HJJHNkaws/tmf78+MATy /CExc+str+NP4WXl7W5jOEuPPUkTqwr5aJayQdTPE8sDM0vmj2k8ptEF8Za5GFPF z/dazxdchDZuZNRBisU1//XmskxuScpawTxdUsaEqnrdBJdxS0lsTbcGr83WPaxI HHU5qeKAkhXcwEyKpzRzeFkt1oaQ/AfnteKkxwjhYNu1gxLByr4VEXQ17iLzt91F 1HRQIaLtxHc6vb6DtA4ytBnibp/SlzgefCygsElkmhfG9TYVWZ3WHxkXZdXG1ZNm /KF3oswiuxbd1n42FgHujfp85gEfJIolZ9pzXSvxdjyGWOX1bJTLI3ZCC5KF19k1 uxKh8KLPl07Eozyt94/Cyz0QVcV2vMDyVS8ORvWV4r02TZNPp17vxBqOweVmq4/5 KkxJKvtSFuwYhd7Xdu6ZKMpHIbJ05HQ7w1kZLe9haCsZhhjidyCoG+r6BbJw98ua xjc3WKfO/hLB5gzlZ6uRxoCvAMVmNxioTnBRFTYIpJ8avSrXRta/Qf6phqXP4h0Q Bixk0512aPLqpEkPmi7T =ab4B -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
