MTU through IPSEC Tunnel for UDP Traffic

routey

Hello, I have two sites with pfSense joined through an IPSEC VPN and have found that deploying a SIP phone to the remote site fails because they are unable to make outbound calls. The phone can register against the server and receive inbound calls but through packet capture on each device I can see that the invite messages are not reaching the local pfSense so never getting on to the server.

Remote = pfSense router
Phone = Grandstream GRP2602P
Local = pfSense in virtual machine

We have a different remote site working with the same model phone so the firewall rules on the local side are OK. I have set allow any/any/any rules on the remote site's firewall for the one we're having trouble with.

We plug the pfSense WAN into the remote worker's home Internet router LAN but this particular remote worker's ISP has an MTU of 1488. We've had trouble with MTU before so we always set the pfSense WAN to 1420 but if this is the problem then I don't understand how the traffic inside the tunnel is affected by it and I'd expect to still see something on the other end. Instead it just looks like bigger packets are silently dropped with nothing in the firewall log.

What is it about this setup that I'm missing?

routey

Can anyone shed some light on this?