OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: juliocbc on September 18, 2019, 05:54:34 am

Title: [SOLVED] IPSec Site to Site - Blocking packets
Post by: juliocbc on September 18, 2019, 05:54:34 am
Hi!

I've connected one OPNsense (tried with 19.1.4 and 19.1.10_1) with a Dlink 1660 (NetDefendOS). The tunnel is up and functional, but a very strange behavior is happening after some connections to a couple of webservers that are connected to the DLink UTM. The ICMP packets are passing without problems, but after a few successful HTTP connections, they suddenly start to be blocked, even with a pass any any rule in the IPSec firewall rules. If I disable the packet filter (pfctl -d), the problem disappears, but proceeding with no firewall at all doesn't make any sense.

Has anyone experienced something like that? I confess that it is very confusing; it looks like some kind of weird bug.

Title: [SOLVED] Re: IPSec Site to Site - Blocking packets
Post by: juliocbc on September 21, 2019, 04:21:18 pm
The problem was with the MTU (WAN and LAN) and TCP MSS values, some kind of problem with the ISP. We tried other ISPs with the default values, and the problem did not occur.

The values used to solve the problem with the problematic ISP: MTU = 1492 and TCP MSS = 1400 (on both the LAN and WAN interfaces).