OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: emfabox on June 03, 2019, 09:12:48 pm

Title: tinc vpn between debian vps and opnsense mtu erros
Post by: emfabox on June 03, 2019, 09:12:48 pm

Hello,

since a couple of days I get a lot of mtu size errors in the firewall log:

XXX.XXX.XXX.XXX.655 > xxx.xxx.xxx.xxx.655: UDP, length 1508
00:00:00.001556 rule 91/0(match): pass out on lo0: (tos 0x0, ttl 64, id 51338, offset 0, flags [none], proto ICMP (1), length 56)
127.0.0.1 > XXX.XXX.XXX.XXX: ICMP xxx.xxx.xxx.xxx unreachable - need to frag (mtu 1500), length 36
(tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 1536, bad cksum 4321 (->1f19)!)
XXX.XXX.XXX.XXX.655 > xxx.xxx.xxx.xxx.655: UDP, length 1508
00:00:00.000703 rule 91/0(match): pass out on lo0: (tos 0x0, ttl 64, id 4189, offset 0, flags [none], proto ICMP (1), length 56)
127.0.0.1 > XXX.XXX.XXX.XXX: ICMP xxx.xxx.xxx.xxx unreachable - need to frag (mtu 1500), length 36
(tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 1536, bad cksum ef3e (->1f19)!)



tinc is now running on the same version on both sites - never had this issues before the setup is running over a year since

/sbin/tincd --version
tinc version 1.0.35

any suggestions?

thank you

Title: Re: tinc vpn between debian vps and opnsense mtu erros
Post by: emfabox on June 11, 2019, 09:14:45 am

Any idea?
Switched to pfsense 2.4.4-RELEASE-p3 (amd64)  :-\
same hardware (Sophos SG 230) .. now its working without any interruption ....  :)