On 12/11/19 10:39 PM, Harald Dunkel wrote:
Hi folks,

apparently the macOS road warriors have to manually adjust the MTU on
ipsec0 to 1280 in some networks, e.g. if the IP provider is Unitymedia,
or if they travel in an ICE of Deutsche Bahn and use the free Wi-Fi.
Without *sudo ifconfig ipsec0 mtu 1280* their IPsec connection appears
to be broken.

Problem is, setting the MTU on macOS is not persistent. On the next
IPsec connection macOS has lost the adjusted MTU and goes with the
default 1400 again.

Since the peer runs strongSwan on Linux, I wonder if there is something
that can be done on this side? Is this purely macOS' fault for not
fragmenting payload accordingly?

PS: I found
https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling#MTUMSS-issues
after sending this, but AFAIU reducing the MSS affects outgoing TCP traffic
only.

Regards
Harri
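
An added example, not part of the original message: a sketch of gateway-side MSS clamping for forwarded IPsec traffic in both directions, using the iptables `policy` and `tcpmss` matches and the `TCPMSS` target. It assumes 1280 (the value from the post) is the tunnel MTU that works for the clients; the function names are hypothetical, and the script only prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: print (do not apply) MSS-clamping rules for a Linux IPsec gateway.
# Assumption: 1280 is the inner tunnel MTU that works for the clients.

# Largest TCP MSS that fits in one packet of the given MTU:
# MTU minus the IP header (20 bytes IPv4, 40 bytes IPv6)
# minus the 20-byte TCP header without options.
mss_for_mtu() {
    mtu=$1; family=$2
    case "$family" in
        4) echo $((mtu - 40)) ;;
        6) echo $((mtu - 60)) ;;
        *) echo "unknown address family: $family" >&2; return 1 ;;
    esac
}

# Emit one mangle/FORWARD rule per direction of IPsec-protected traffic.
# Only SYN segments are rewritten, and only when the advertised MSS is
# larger than the target, so smaller values chosen by an endpoint survive.
clamp_rules() {
    mtu=$1; family=$2
    mss=$(mss_for_mtu "$mtu" "$family") || return 1
    case "$family" in
        4) cmd=iptables ;;
        6) cmd=ip6tables ;;
    esac
    for dir in in out; do
        echo "$cmd -t mangle -A FORWARD -m policy --pol ipsec --dir $dir" \
             "-p tcp -m tcp --tcp-flags SYN,RST SYN" \
             "-m tcpmss --mss $((mss + 1)):65535 -j TCPMSS --set-mss $mss"
    done
}

# Rules for the 1280-byte tunnel MTU, IPv4 and IPv6 inner traffic.
clamp_rules 1280 4
clamp_rules 1280 6
```

MSS clamping only changes what TCP endpoints negotiate; UDP and other protocols carried in the tunnel are not affected by these rules.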