Results 1 to 6 of 6
  1. #1
    Untangler
    Join Date
    May 2017
    Posts
    60

    Exclamation Urgent help needed...client install with problems with MTU and ipsec

    Guys,

    I currently on the last hours of a client install. I have two Untangles (u25 and u150) with an ipsec tunnel between them.

    Things seemed to be working fine... I can ping/ssh from either side. However, if I do anything which outputs more than a bit of data (for example, "cat /etc/passwd", the ssh session freezes.

    I found evidence that a MTU setting could be responsible. On the remote server I was doing that cat on, it was set to 1500. On my local laptop I was ssh'ing from, it was also set to 1500.

    Dropping it to 1280 MTU on my laptop fixed the issue, but JUST for my laptop. All other hosts on the local network are not communicating because of this.

    How can I fix the issue for everyone?

    I'm running out of time...

    Thanks in advance.

  2. #2
    Untangler
    Join Date
    May 2017
    Posts
    60

    Default

    I tried changing the mtu on eth0 (the external interface) but it does no good. I then tried changing it on both eth0 and eth1 (external and internal) and no dice.

    I'm betting it has to be set on the ipsec interface. Is this possible?

  3. #3
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,686

    Default

    Unless there is an issue with the switch between your device and the local Untangle, only the external ethernet needs the MTU changed. I would check if there is an MTU issue on the far end Untangle also.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Untangler
    Join Date
    May 2017
    Posts
    60

    Default

    How would I determine if there was a problem on the remote end?

    I've dropped the MTU on both Untangle for the External interface, but still no dice.

    Thanks

  5. #5
    Untangler
    Join Date
    May 2017
    Posts
    60

    Default

    I fell back to OpenVPN and it seems to be working ok.

    Any idea why it would work with OpenVPN but not Ipsec? Is it acceptable to run OpenVPN instead of ipsec for a large-ish install? What are the benefits/drawbacks?

    Thanks!

  6. #6
    Untangler
    Join Date
    May 2017
    Posts
    60

    Default

    We finally got it working with the help of Untangle support. I'm not certain I'm clear on why reducing the MTU on my laptop allowed it to work but changing the MTU on the Untangle NICs didn't. Regardless, what ultimately fixed it, in case any of you experience this, was ensuring "Bypass all IPsec traffic" was checked in the IPsec options on both ends. I had it checked on one, but mistakenly missed the other side. HTH.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2