TCP not routing through IPsec tunnel - MSS issue?
-
https://forum.netgate.com/topic/135994/ipsec-mtu-issue-only-from-windows-8
Similar Issue here -- You find a fix ?
-
@phonebuff said in TCP not routing through IPsec tunnel - MSS issue?:
https://forum.netgate.com/topic/135994/ipsec-mtu-issue-only-from-windows-8
Similar Issue here -- You find a fix ?
The only thing that got webpages loaded on endpoints was to reduce the MTU on the client machines. Seems like a bug in pfSense to me.
-
Can you try disabling the setting of Asynchronous Cryptography?
This is located in VPN - IPSEC - Advanced setting bottom of the page.
-
Thank you for the suggestion. I will try this as soon as I can. But one question is the setting symmetric or can I just can the remote end.. (Windows Workstation).
TIA --
-
That setting was just released in 2.4.4, as far as I know it's only on the pfSense side:
-
Sorry I asked the question wrong this is two pfSense units. a 3100 and a 7100. the Windows box sits at the 3100 (remote) end. Should I turn the option off in both or can I just turn it off in the 3100.
-
I would be interested in the following combinations if you have the ability to test:
1: 3100 off, 7100 on
2: 3100 on, 7100 off
3: 3100 off, 7100 off -
Okay, let me see what I can arrange to do for you ..
-
Quick update. So I found out today that the 7100 are at 2.4.1 . Additionally, by hands & eyes at the other end is unavailable to work with me till next week and I can not risk locking myself out while he is away so this will have to wait. -
@chrismacmahon said in TCP not routing through IPsec tunnel - MSS issue?:
Can you try disabling the setting of Asynchronous Cryptography?
This is located in VPN - IPSEC - Advanced setting bottom of the page.
@chrismacmahon - this setting was already disabled in my config - I don't have the box Asynchronous Cryptography checked.
