[SOLVED] IPSec Site to Site - Blocking packets

Started by juliocbc, September 18, 2019, 05:54:34 AM

September 18, 2019, 05:54:34 AM Last Edit: September 21, 2019, 04:21:32 PM by juliocbc
Hi!

I've connected one OPNsense (tried with 19.1.4 and 19.1.10_1) with a Dlink 1660 (NetDefendOS). The tunnel is up and functional, but a very strange behavior is happening after some connections to a couple of webservers that are connected to the DLink UTM. The ICMP packets are passing by without problems, but after a few successful HTTP connections, suddenly they start to be blocked, even with a pass any any rule in the IPsec firewall rules. If I disable the packet filter (pfctl -d), the problem disappears, but proceeding with no firewall at all doesn't make any sense.

Has anyone experienced something like that? I confess that it is very confusing; it looks like some kind of weird bug.
Cloudfence Open Source Team

The problem was with the MTU (WAN and LAN) and TCP MSS values, some kind of problem with the ISP. We've tried with other ISPs, with the default values, and the problem did not occur.

The values used to solve the problem with the problematic ISP: MTU = 1492 and TCP MSS = 1400 (on both the LAN and WAN interfaces).

Cloudfence Open Source Team
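The fix above pairs an MTU of 1492 (a PPPoE-sized link) with an MSS of 1400. As an added example, not code from the thread or from OPNsense, the following Python computes the ESP tunnel-mode overhead for two common suites and the largest MSS that still fits the outer MTU without fragmenting the ESP packet; the suite actually negotiated on this tunnel is not stated in the post, so the cipher parameters and the NAT-T choice are assumptions.

```python
"""Size an IPsec ESP tunnel-mode (IPv4) path and derive the largest TCP MSS
that fits the outer MTU without fragmenting the ESP packet.
Added example for this thread; the suite in use is not stated in the post,
so the two suites below are assumptions, with lengths from RFC 4303/3602/4106."""
from dataclasses import dataclass

IPV4_HDR = 20      # outer and inner IPv4 header, no options
TCP_HDR = 20       # TCP header, no options
ESP_HDR = 8        # SPI + sequence number
ESP_TRAILER = 2    # pad length + next header
NAT_T_UDP = 8      # UDP header when NAT traversal (UDP/4500) is in use


@dataclass(frozen=True)
class EspSuite:
    name: str
    iv_len: int      # IV bytes placed in front of the encrypted payload
    block: int       # alignment required for payload + trailer
    icv_len: int     # integrity check value appended after the trailer


# Assumed suites: AES-CBC with HMAC-SHA256-128, and AES-GCM-128 (combined mode).
AES_CBC_SHA256 = EspSuite("AES-CBC + HMAC-SHA256-128", iv_len=16, block=16, icv_len=16)
AES_GCM_128 = EspSuite("AES-GCM-128", iv_len=8, block=4, icv_len=16)


def esp_outer_len(inner_len: int, suite: EspSuite, nat_t: bool = False) -> int:
    """Wire length of one ESP tunnel-mode packet carrying inner_len bytes."""
    body = inner_len + ESP_TRAILER
    padded = -(-body // suite.block) * suite.block   # round up to the block size
    outer = IPV4_HDR + ESP_HDR + suite.iv_len + padded + suite.icv_len
    return outer + (NAT_T_UDP if nat_t else 0)


def mss_fits(mss: int, outer_mtu: int, suite: EspSuite, nat_t: bool = False) -> bool:
    """True if a full-size segment with this MSS stays within outer_mtu after ESP."""
    return esp_outer_len(IPV4_HDR + TCP_HDR + mss, suite, nat_t) <= outer_mtu


def max_mss(outer_mtu: int, suite: EspSuite, nat_t: bool = False) -> int:
    """Largest MSS whose full-size TCP segment still fits outer_mtu after ESP."""
    mss = outer_mtu - IPV4_HDR - TCP_HDR   # upper bound: as if there were no tunnel
    while mss > 0 and not mss_fits(mss, outer_mtu, suite, nat_t):
        mss -= 1
    return mss


if __name__ == "__main__":
    for suite in (AES_CBC_SHA256, AES_GCM_128):
        for nat_t in (False, True):
            print(f"{suite.name:26s} NAT-T={nat_t!s:5s} MTU 1492 -> max MSS {max_mss(1492, suite, nat_t)}")
    # The thread's values: MTU 1492 with MSS 1400.
    print("MSS 1400 fits under AES-CBC/SHA256:", mss_fits(1400, 1492, AES_CBC_SHA256))
```

For the assumed suites the ceiling at MTU 1492 comes out below 1400, so before settling on a value a practitioner would confirm the negotiated proposal (and whether NAT-T is in use) and watch for fragmented ESP on the WAN side.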