These are the providers that have MTU issues for us. - Panasonic - BoardConnect/Inmarsat - Verizon - Vodafone
-----Original Message----- From: Users <[email protected]> On Behalf Of Harald Dunkel Sent: Wednesday, December 11, 2019 2:09 PM To: [email protected] Subject: Re: [strongSwan] road warrior MTU issues (IPv4) ---External Email--- On 12/11/19 10:39 PM, Harald Dunkel wrote: > Hi folks, > > apparently the MacOS road warriors have to manually adjust the MTU on > ipsec0 to 1280 in some networks, e.g. if the IP provider is > Unitymedia, or if they travel in an ICE of Deutsche Bahn and use the free > Wifi. > Without *sudo ifconfig ipsec0 mtu 1280* their IPsec connection appears > to be broken. > > Problem is, setting the MTU on MacOS is not persistent. On the next > IPsec connection MacOS has lost the adjusted MTU and goes with the > default 1400 again. > > Since the peer runs Strongswan on Linux, I wonder if there is > something that can be done on this side? Is this purely MacOS' fault > for not fragmenting payload accordingly? > PS: I found https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling#MTUMSS-issues after sending this, but AFAIU reducing the mss affects outgoing TCP traffic only. Regards Harri
