[Swan] weird connection issue el7->el6

Simon Peeters simon at inuits.eu
Mon Jul 20 16:21:02 EEST 2015

hey all,

We are having a weird problem getting an ipsec link to work for our
local development setup.

the setup is (ip addresses changed slightly):
  boxA: centos7 behind NAT (and over an adsl line) port 500 and 4500
are forwarded
    - private subnet ip is
    - ip on inside of NAT is
    - router at has public ip ( let's say )
  boxB: centos6 our production ipsec "master" has multiple connections
to other machines, all working nice
    - private subnet ip is
    - has public ip. (let's say

the issue: (below all using the private subnet ip)
  we can ping A -> B and B -> A
  we can ssh B -> A
  we can't ssh A -> B (hangs on debug1 expecting
  we can http GET from A to B
  we can't http POST from A to B (timeout waiting for form data)
If I set up a centos6 node to replace box A (with the same config) all
the above works perfectly

I suspect this to be mtu related, but haven't figured out how.


Simon Peeters
