VPN Connection trough PFSense

rpsecht · Nov 14, 2016, 9:32 PM

Hello,

i have a setup like this:

Client1 as a part of my LAN - OS: Win7, VPN Software: ShrewSoft

Server 1 in WAN - its a Lancom 1781vaw

Now when i start the connection it ends with a timeout (in Shrewsoft Access Manager):


attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
server cert configured
client cert configured
client key configured
bringing up tunnel ...
negotiation timout occurred
tunnel disabled
detached from key daemon

In the ShrewSoft Debugger apears this 4 times:


16/11/14 22:26:21 ii : fragmented packet to 1394 bytes ( MTU 1380 bytes )
16/11/14 22:26:21 ii : fragmented packet to 1394 bytes ( MTU 1380 bytes )
16/11/14 22:26:21 ii : fragmented packet to 414 bytes ( MTU 1380 bytes )
16/11/14 22:26:21 -> : resend 1 phase1 packet(s) [2/2]

Those Packages are also routed to WAN. (checked with Package Capture on LAN and WAN)

I've found something strange:
I enter a MTU in ShrewSoft and netsh interface ipv4 show interfaces displays me the MTU still remain on 1500. Then i try with ping -l1500 and it doesn't work -> 1400 works! So i changed the MTU in Windows Registery to 1380.

I don't have access to the Logfiles from the Server.

But this doesn't help…. Do you have some Ideas? Can you help me?

rpsecht · Nov 21, 2016, 1:30 PM

Remove the cross in this Field works (System- Advanced - Firewall):

Disable Firewall Scrub Disables the PF scrubbing option which can sometimes interfere with NFS traffic.