[Swan] Tunnel behind NAT: large packets freeze it

Paul Wouters paul at nohats.ca
Wed Dec 20 21:02:06 UTC 2017


On Wed, 20 Dec 2017, Davide Pucci wrote:

> I need your help as I'm facing several issues with some Swan IPsec tunnels: they are all built between a NAT-ed
> host (running openswan) and a publicly exposed one (running libreswan).
> I can always reproduce the issue by executing "for i in {0..30}; do ps ax; done" or "dd if=/dev/urandom bs=10M": it
> seems that if I run commands with large outputs, the tunnel goes down.
> The first host, behind NAT, has the configuration file attached as h1-to-h2.conf; similarly, the latter has the one
> named h2-to-h1.conf.

Most likely broken path MTU discovery, see:

https://libreswan.org/wiki/FAQ#My_ssh_sessions_hang_or_connectivity_is_very_slow

Paul
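The symptom in the thread (small traffic passes, large output stalls) is what a PMTU black hole looks like: packets with DF set are dropped somewhere on the path and the ICMP "fragmentation needed" message never makes it back. The script below is an added example, not code from the thread or from libreswan; it does what the linked FAQ suggests checking by hand. It binary-searches the largest DF-flagged ICMP payload that still reaches a host, converts that to a path MTU and a TCP MSS, and prints the MSS clamp rule. It assumes Linux iputils ping (where "-M do" sets DF and "-s" sets the payload), IPv4 header sizes (20-byte IP, 8-byte ICMP, 20-byte TCP), and a probe function that can be swapped for a stub; host names and sizes are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread or libreswan): locate a PMTU black hole
# by DF-bit probing, then derive the MSS clamp to work around it.
# Assumes Linux iputils ping: "-M do" sets DF, "-s N" sends N payload bytes.

# probe_ok HOST PAYLOAD -> 0 if one DF-flagged ping of PAYLOAD bytes is answered.
# A black hole shows up as small payloads answering and large ones timing out
# with no "Frag needed" error, which is exactly what a hung tunnel looks like.
probe_ok() {
    ping -c 1 -W 1 -M do -s "$2" "$1" >/dev/null 2>&1
}

# find_pmtu_payload HOST [LO] [HI] [PROBE_FN]
# Binary search over the payload size; passing is monotone (if N passes, so
# does anything smaller), so the search converges on the largest passing size.
# Prints -1 if even LO fails. PROBE_FN defaults to probe_ok and can be replaced
# by a stub for offline use.
find_pmtu_payload() {
    host=$1; lo=${2:-0}; hi=${3:-1472}; fn=${4:-probe_ok}
    best=-1
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$fn" "$host" "$mid"; then
            best=$mid; lo=$((mid + 1))   # passes: try larger
        else
            hi=$((mid - 1))              # dropped: try smaller
        fi
    done
    echo "$best"
}

# IPv4 arithmetic (assumption: no IPv6, no extra options headers).
# path MTU = ICMP payload + 8 (ICMP header) + 20 (IPv4 header)
payload_to_mtu() { echo $(( $1 + 28 )); }
# TCP MSS that fits that MTU = MTU - 20 (IPv4) - 20 (TCP)
mtu_to_mss() { echo $(( $1 - 40 )); }

# clamp_rule MSS -> the iptables rule that rewrites SYN MSS to fit the path.
# "--clamp-mss-to-pmtu" is the automatic form; "--set-mss" pins a known value,
# useful when the tunnel endpoint never sees the ICMP error at all.
clamp_rule() {
    echo "iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $1"
}

# Usage: ./pmtu-probe.sh <host-across-the-tunnel>
# Only runs the live probe when a host is given, so sourcing the file is safe.
if [ -n "${1:-}" ]; then
    payload=$(find_pmtu_payload "$1")
    if [ "$payload" -lt 0 ]; then
        echo "no DF probe answered at all; check basic reachability first" >&2
        exit 1
    fi
    mtu=$(payload_to_mtu "$payload")
    mss=$(mtu_to_mss "$mtu")
    echo "largest DF payload: $payload  path MTU: $mtu  usable TCP MSS: $mss"
    echo "workaround: $(clamp_rule "$mss")"
fi
```

If the largest passing payload is well below 1472 (a 1500-byte MTU minus headers) and the tunnel freezes on bulk output, the path is black-holing; clamping MSS on the gateway, or setting a lower mtu= on the conn as the FAQ describes, lets TCP avoid the sizes that never get through. For the inner (ESP, and UDP-encapsulated behind NAT) traffic the real ceiling is lower still by the encapsulation overhead, so clamp from the outer path MTU and leave headroom rather than trusting the exact number.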

