[Swan] Tunnel behind NAT: large packets freeze it

[Davide Pucci]

> Most likely broken path mtu discovery, see: 
> https://libreswan.org/wiki/FAQ#My_ssh_sessions_hang_or_connectivity_is_very_slow 

Thank you for your answer, but I already tried any of those solutions (tried almost every value from 1500 down to 250), without actually fixing the problem at all. 
Any other help? Keep in mind that I have other tunnels between the hosts the one behind NAT is connecting to, and when NAT-ed host is not involved, I've no problems at all. 

Regards, 
Davide. 

********** 

Davide Pucci 
Systems and Software Engineer 
Mob: +39 348 923 7278 
Tel: +39 06 5960 2069 
Fax: +39 06 5960 6185 
Email: d.pucci at i-node.it 

I-node s.r.l. 
We build you® .biz 
Via di San Giovanni in Laterano, 84 - 00184 Roma (RM) 
Twitter: http://www.twitter.com/i_node 
Sito Web: http://www.i-node.it 


Da: "Paul Wouters" <paul at nohats.ca> 
A: "Davide Pucci" <d.pucci at i-node.it> 
Cc: "swan" <swan at lists.libreswan.org> 
Inviato: Mercoledì, 20 dicembre 2017 22:02:06 
Oggetto: Re: [Swan] Tunnel behind NAT: large packets freeze it 

On Wed, 20 Dec 2017, Davide Pucci wrote: 

> I need your help as I'm facing several issues without some Swan IPsec tunnels: they all are built between a NAT-ed 
> host (running openswan) and a publicly exposed one (running libreswan). 
> I can always reproduce the issue by executing "for i in {0..30}; do ps ax; done" or "dd if=/dev/urandom bs=10M": it 
> seems that if I run commands with large outputs tunnel goes down. 
> The first - behind NAT - host has the configuration file attached as h1-to-h2.conf; similarly, the latter, the one 
> named h2-to-h1.conf. 

Most likely broken path mtu discovery, see: 

https://libreswan.org/wiki/FAQ#My_ssh_sessions_hang_or_connectivity_is_very_slow 

Paul 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20171221/c04f28c3/attachment.html>