Hi,

Either peer will try to send packets with the maximum MTU of the route (PMTU 
discovery also plays a part in it).

There can be a lot of problems. Try to fix the MSS and the MTU for the routes 
first. There are keys in strongswan.conf for that.
They are only significant for connections that are terminated or initiated by 
the host.

I strongly recommend stopping trying to guess what the problem is and taking a 
look at what happens with the packets on the wire and in the kernel. tcpdump, 
tshark, wireshark(-gtk) and the iptables LOG and TRACE targets are your friends.

To be able to help you, I need some traffic dumps and the things that are 
listed on the HelpRequests[1] page on the wiki.

[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests

Kind regards

Noel

On 09.08.2017 16:10, lejeczek wrote:
> hi everyone
>
> I'd like to ask - how MTU affects link/connection of a tunnel if MTUs on both 
> ends are different?
>
> I'm asking because I'm seeing behaviour, symptoms which I think relate or are 
> directly caused by:
>
> _Aclient(auto=1500) <=> server(out iface auto=1500), server other iface 
> 10.10.10.100(mtu=8192)
>
> _Aclient vpns in fine, server's rightsourceip=10.10.10.220,10.10.10.221 and 
> server is pingable from _Aclient as any other node on 10.10.10.0/24 is, but!
> _Aclient cannot ssh to the server nor to any other node on 10.10.10.0/24
>
> Normally I'd blame, with high certainty, MTUs but because I am only beginning 
> to look at Strongswan I'm looking for experts to share a few thoughts and 
> advice.
>
> many thanks, L.
>
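
Added example, not part of the original message and not strongSwan code: one way to derive values for the `charon.plugins.kernel-netlink.mtu` and `mss` keys in strongswan.conf, which set the MTU and MSS on the routes the daemon installs. The outer MTU of 1500, IPv4 tunnel mode without IP or TCP options, and the listed ESP suites are assumptions; the thread does not say which proposal is in use.

```python
# Added example: derive route MTU/MSS for an ESP tunnel (IPv4, tunnel mode).
# All sizes below are assumptions about the setup, not values from the thread.
IPV4_HDR = 20     # outer IPv4 header, no options
UDP_ENCAP = 8     # extra UDP header when ESP is UDP-encapsulated (NAT traversal)
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad length + next header
TCP_IP_HDRS = 40  # inner IPv4 (20) + TCP (20), no options

# suite -> (IV bytes, padding alignment bytes, ICV bytes)
SUITES = {
    "aes-cbc/hmac-sha1-96": (16, 16, 12),
    "aes-cbc/hmac-sha256-128": (16, 16, 16),
    "aes-gcm-16": (8, 4, 16),
}

def inner_mtu(outer_mtu, suite, udp_encap=False):
    """Largest inner packet that fits one outer packet without fragmentation."""
    iv, align, icv = SUITES[suite]
    room = outer_mtu - IPV4_HDR - ESP_HDR - iv - icv
    if udp_encap:
        room -= UDP_ENCAP
    # inner packet + padding + trailer must be a multiple of the alignment
    mtu = (room // align) * align - ESP_TRAILER
    if mtu <= TCP_IP_HDRS:
        raise ValueError("outer MTU too small for this suite")
    return mtu

def strongswan_conf(outer_mtu, suite, udp_encap=False):
    """Render the strongswan.conf fragment carrying the computed values."""
    mtu = inner_mtu(outer_mtu, suite, udp_encap)
    mss = mtu - TCP_IP_HDRS
    return (
        "charon {\n"
        "    plugins {\n"
        "        kernel-netlink {\n"
        f"            mtu = {mtu}\n"
        f"            mss = {mss}\n"
        "        }\n"
        "    }\n"
        "}\n"
    )

if __name__ == "__main__":
    # Constructed case: 1500-byte outer link, AES-CBC/SHA1, behind NAT.
    print(strongswan_conf(1500, "aes-cbc/hmac-sha1-96", udp_encap=True))
```

As the reply notes, these route settings only matter for connections that the host itself initiates or terminates.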
