ipsec vpn mtu problem

Andrew Thomson andrewjt at applecomm.net
Sun Nov 28 20:28:53 PST 2004

I have a problem with a FreeBSD LAN-to-LAN IPsec VPN. Specifically, it seems
to be an MTU-related problem.

Previously I have set these up and they have run perfectly between
FreeBSD firewalls acting as the VPN terminator.

The latest site that I'm trying to connect to has a basic internet
connection. Although it is a business ethernet connection, it's looking
similar to a PPPoE link that I have at home! 

Anyway, in order to get a reliable internet connection, the MTU on the
public interface had to be dropped to 1492. Once down, the internet
worked a treat.

LAN-to-LAN VPN config was done with setkey and racoon, up and running
very quickly.

However when we try to move data across this link, it gets a bit done
and then conks out.

> scp rt-3.2.2.tar.gz root at
root at's password: 
rt-3.2.2.tar.gz                                11%  144KB  36.7KB/s - stalled -

All my other VPNs work perfectly; however, none of them required the MTU
change. This is the first one that required an MTU change and the first
one that doesn't seem to be able to handle anything more than a ping.

One side is running 4.3-RELEASE-p28, the other is running 5.3-STABLE.

The 5.3 box is the one that has the dodge internet link requiring the
MTU change.

Any thoughts would be much appreciated.


Andrew Thomson <andrewjt at applecomm.net>
