[Solved] Re: IPsec issue

Kris Maglione bsdaemon at comcast.net
Tue Jan 25 12:42:47 PST 2005


Kris Maglione wrote:

> I secure my wireless network with IPsec. The rules are generated with
> a Perl script (included below) with a rule for each IP in the range
> 192.168.1.3-192.168.1.254 (.2 is my AP). The key exchange is handled
> by racoon and works without issue. I have "allow ip from any to any"
> as my first ipfw rule when on this network. My firewall allows DHCP
> and ISAKMP traffic unencrypted and allows only ESP traffic otherwise.
>
> My problem is that certain websites tend not to work. I can look them
> up and make a connection, but I get no incoming packets, although on
> occasion they do work. Google is one such site. Also, it seems that
> images don't always load for any site. Neither firewall is blocking
> the traffic. When I make an OpenVPN link over the connection (it's
> easier than disabling IPsec, since it's already set up for when I'm
> away from home), the same websites work fine.

The problem turned out to be that with the overhead of the IPsec 
headers, I needed to decrease the MTUs of both interfaces.
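
How much of a 1500-byte link MTU the ESP headers consume, as an added example that is not part of the original post. The cipher block size, IV length and ICV length are assumptions (the post does not say what racoon negotiated), and both transport and tunnel mode are shown because the post does not say which was in use.

```python
# Added example: ESP (RFC 4303) size arithmetic for IPv4.
# All cipher/ICV parameters below are assumed, not taken from the post.
IPV4_HDR = 20     # IPv4 header without options
ESP_HDR = 8       # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad length (1 byte) + next header (1 byte)


def esp_wire_size(inner_len, mode, block, iv_len, icv_len):
    """Size on the wire of the ESP packet that carries an original IPv4
    packet of inner_len bytes. block must be a multiple of 4."""
    if mode == "transport":
        payload = inner_len - IPV4_HDR   # original IP header stays outside ESP
    elif mode == "tunnel":
        payload = inner_len              # whole original packet is encrypted
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    if payload < 0:
        raise ValueError("inner_len is smaller than an IPv4 header")
    # CBC ciphers pad payload + trailer up to a whole number of blocks.
    encrypted = -(-(payload + ESP_TRAILER) // block) * block
    return IPV4_HDR + ESP_HDR + iv_len + encrypted + icv_len


def max_inner_mtu(link_mtu, mode, block, iv_len, icv_len):
    """Largest original packet that still fits in link_mtu after ESP."""
    for inner in range(link_mtu, IPV4_HDR - 1, -1):
        if esp_wire_size(inner, mode, block, iv_len, icv_len) <= link_mtu:
            return inner
    raise ValueError("link MTU too small for this ESP configuration")


# Assumed profiles: (label, block size, IV length, ICV length)
PROFILES = [
    ("3DES-CBC + HMAC-SHA1-96", 8, 8, 12),
    ("AES-CBC + HMAC-SHA1-96", 16, 16, 12),
]

if __name__ == "__main__":
    link_mtu = 1500  # typical Ethernet/802.11 IP MTU, assumed
    for label, block, iv_len, icv_len in PROFILES:
        for mode in ("transport", "tunnel"):
            mtu = max_inner_mtu(link_mtu, mode, block, iv_len, icv_len)
            full = esp_wire_size(link_mtu, mode, block, iv_len, icv_len)
            print(f"{label:26} {mode:9} usable MTU {mtu}, "
                  f"TCP MSS {mtu - 40}, a 1500-byte packet becomes {full}")
```

The usable MTU printed for the negotiated profile is the upper bound for the interface MTU on the IPsec hosts.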

