[Swan] Tunnel behind NAT: large packets freeze it

Paul Wouters paul at nohats.ca
Sat Dec 23 19:50:54 UTC 2017


On Thu, 21 Dec 2017, Davide Pucci wrote:

> > Most likely broken path mtu discovery, see:
> > https://libreswan.org/wiki/FAQ#My_ssh_sessions_hang_or_connectivity_is_very_slow
> 
> Thank you for your answer, but I already tried any of those solutions (tried almost every value from 1500 down to 250), without actually fixing the problem at all.
> Any other help? Keep in mind that I have other tunnels between the hosts the one behind NAT is connecting to, and when NAT-ed host is not involved, I've no problems at all.

One host or another has the problem with MTU. Going lower than 1300
should never be needed (and dangerous if/when using L2TP/PPP which
uses 1200 on most OSes)

You really do have an MTU issue if pings work but screens of output
freeze. It could be a problem on multiple machines. Note also that
conntrack tables might not instantly update, so you might have to
redo the tests running conntrack -F to clear the kernel state.

Paul
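The thread above describes trying MTU values one by one from 1500 down to 250. The following is an added example, not code from the Swan list or the libreswan project: it binary-searches for the largest Don't-Fragment ping that still gets a reply, which is the usual way to measure the effective path MTU on a link before adjusting the tunnel's MTU. It assumes Linux iputils `ping` (`-M do` sets the DF bit, `-s` sets the ICMP payload size), that IPv4 adds 28 bytes of IP+ICMP header to the payload, and that the probe is monotonic (if one size fails, all larger sizes fail). The host name `peer.example` is a placeholder, and the `simulated_link` probe is a constructed stand-in so the search can be run offline.

```python
"""Find the effective path MTU by bisecting on DF-bit pings.

Added example for the MTU troubleshooting discussed on the Swan list; it is
not code from the thread or from libreswan. Assumes Linux iputils ping.
"""
import subprocess
from typing import Callable

# IPv4 header (20) + ICMP echo header (8): on-the-wire size = payload + 28
IPV4_OVERHEAD = 20 + 8


def ping_probe(host: str, payload: int, timeout_s: int = 1) -> bool:
    """Send one DF-bit ping with `payload` ICMP bytes; True if a reply came back.

    Real probe for use on a Linux host (iputils ping flags assumed). It is not
    exercised by the offline demonstration below.
    """
    cmd = ["ping", "-M", "do", "-c", "1", "-W", str(timeout_s),
           "-s", str(payload), host]
    result = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL)
    return result.returncode == 0


def find_path_mtu(probe: Callable[[int], bool],
                  low: int = 0, high: int = 1472) -> int:
    """Largest payload in [low, high] that probe() accepts, plus IPv4 overhead.

    Default high=1472 corresponds to a 1500-byte Ethernet MTU. Assumes probe is
    monotonic. Raises RuntimeError if even the smallest probe fails, which
    points at reachability or filtering rather than an MTU problem.
    """
    if not probe(low):
        raise RuntimeError("smallest probe failed; not an MTU problem")
    while low < high:
        mid = (low + high + 1) // 2  # bias upward so the loop terminates
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low + IPV4_OVERHEAD


def simulated_link(path_mtu: int) -> Callable[[int], bool]:
    """Constructed stand-in for ping_probe: drops DF packets larger than path_mtu."""
    return lambda payload: payload + IPV4_OVERHEAD <= path_mtu


if __name__ == "__main__":
    # Offline demonstration on a constructed link whose path MTU is 1400,
    # the kind of reduction ESP-in-UDP encapsulation behind NAT produces on a
    # 1500-byte link. On a real host, pass a closure over ping_probe instead:
    #   find_path_mtu(lambda n: ping_probe("peer.example", n))
    print("effective path MTU:", find_path_mtu(simulated_link(1400)))  # 1400
```

Run the probe from both ends of the tunnel, since the thread notes the problem can sit on more than one machine, and clear conntrack state (`conntrack -F`) between runs so stale entries do not mask a changed result. The measured value, minus the tunnel's own encapsulation overhead, is the ceiling for the tunnel interface MTU.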
