OpenVPN and Wireguard wont work from DS Lite ISPs

Started by tyrell, October 08, 2024, 08:50:09 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 08, 2024, 08:50:09 AM
Cheers everyone,

we switched our Companys Firewall a few weeks ago to Opnsense (from Pfsense).
Everything works great now. Except some users, who can connect (they get an IP) and cant ping ressources on the lan but cant access via browser (80,443).
All have in common that they have the same german isp (vodafone) with ds-lite.
If they switch to mobile hotspot, the vpn works fine.
subnets of the private lan and vpn and corp lan are different.

Before with the pfsense it was working too. but i cant find the difference.
i read its a common problem but it seems no one has a solution. could it be mtu?
if anyone has experience with let me know : )

October 08, 2024, 09:24:32 AM #1
The dual stack stuff needs more overhead and therefore reduces the usable MTU size. ry reducing it to 1300 or even smaller. DS-lite and non working VPN connections are a very common issue. Reducing MTU is the best bet to solve these issues.
October 08, 2024, 09:37:56 AM #2
Awesome. Thanks.
On fw side or on client side or both?
Print
Go Up Pages1
User actions