Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.1 Legacy Series
»
[SOLVED] IPSec Site to Site - Blocking packets
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] IPSec Site to Site - Blocking packets (Read 4784 times)
juliocbc
Sr. Member
Posts: 332
Karma: 12
[SOLVED] IPSec Site to Site - Blocking packets
«
on:
September 18, 2019, 05:54:34 am »
Hi!
I've connected one OPNsense (tried with 19.1.4 and 19.1.10_1) with a Dlink 1660 (NetDefendOS). The tunnel is up and functional, but a very strange behavior is happening after some connectios to a couple of webservers, that are connect to DLink UTM. The ICMP packets are passing by without problems, but the after a few successful HTTP connections, suddenly they starts to be blocked even with a pass any any rule in IPSec firewall rules. If I disable the packet filter (pfctl -d), the problem disappears, but with no firewall at all doesn't make any sense to proceed.
Anyone have experienced something like that? I confess that is very confusing, is looks like some kind wierd bug.
«
Last Edit: September 21, 2019, 04:21:32 pm by juliocbc
»
Logged
Cloudfence Open Source Team
juliocbc
Sr. Member
Posts: 332
Karma: 12
[SOLVED] Re: IPSec Site to Site - Blocking packets
«
Reply #1 on:
September 21, 2019, 04:21:18 pm »
The problem was with the MTU (WAN and LAN) and TCP MSS values, some kind of problem with the ISP, we've tried with others ISPs, with the default values, and the problem not occured.
The values used to solve the problem with the problematic ISP: MTU = 1492 and TCP MSS = 1400 (both LAN and WAN) interfaces.
Logged
Cloudfence Open Source Team
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.1 Legacy Series
»
[SOLVED] IPSec Site to Site - Blocking packets