Missing packets
-
Hi everybody,
I've a dozen sites connected in hub and spoke configuration via IPSEC.
All sites use pfSense with no issues.
Suddenly I started to experience connection issues to one site. To test it, I executed a packet capture on both firewalls on the IPSEC port, while accessing a network share on the spoke site from the hub site.
The hub side capture above shows you host 192.168.126.210 (hub site) starting a SMB connection (SMB Negotiate Protocol Request) to host 192.168.148.10 (spoke site).
The Session Setup Request message gets split into 3 packets (1512 + 1512 + 313 Bytes) but only the last packet appears on the other side, as you can see below. Also, in the first capture you can see the hub site retransmit the packet 5 times but, again, they never appear at the spoke site.
Capture files: hub.cap spoke.cap
The first thing I can see is the missing packets are the bigger ones (1512 Bytes).
The second one is that reversing the test (accessing a share on hub site from spoke site) works flawlessly. What is going on?
Regards,
Corrado -
Something probably changed in the path MTU between the two sites. Try setting MSS Clamping to something like 1350 on both sides under VPN > IPsec, Advanced Settings.
Note how the 192.168.148.10 site is reporting an 8960 MSS value. Someone playing with jumbo frames and screwed the pooch there?
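One way to confirm the size-dependent loss discussed in this thread, added here as an example and not posted by either participant: match ESP packets between the two captures on SPI and sequence number, then compare the sizes of those that arrived with those that did not. The rows are constructed sample data in "SPI, ESP sequence, frame length" form (only the 1512 and 313 byte sizes come from the post; the SPI, sequence numbers and other lengths are placeholders).

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "spi seq length")

# Constructed sample rows: "<esp spi> <esp sequence> <frame length>".
# Retransmissions get fresh ESP sequence numbers, so each one is its own row.
HUB_ROWS = """
0xc0ffee01 101 130
0xc0ffee01 102 118
0xc0ffee01 103 297
0xc0ffee01 104 1512
0xc0ffee01 105 1512
0xc0ffee01 106 313
0xc0ffee01 107 1512
0xc0ffee01 108 1512
"""
SPOKE_ROWS = """
0xc0ffee01 101 130
0xc0ffee01 102 118
0xc0ffee01 103 297
0xc0ffee01 106 313
"""

def parse(rows):
    """Parse whitespace-separated 'spi seq length' rows into Pkt records."""
    return [Pkt(s, int(q), int(n)) for s, q, n in
            (line.split() for line in rows.strip().splitlines())]

def diff_captures(sent, received):
    """Split `sent` into (delivered, lost), matching on (SPI, sequence)."""
    seen = {(p.spi, p.seq) for p in received}
    delivered = [p for p in sent if (p.spi, p.seq) in seen]
    lost = [p for p in sent if (p.spi, p.seq) not in seen]
    return delivered, lost

def size_threshold(delivered, lost):
    """Return (largest delivered, smallest lost) if loss is purely size-dependent."""
    if not delivered or not lost:
        return None
    max_ok = max(p.length for p in delivered)
    min_lost = min(p.length for p in lost)
    return (max_ok, min_lost) if max_ok < min_lost else None

if __name__ == "__main__":
    ok, lost = diff_captures(parse(HUB_ROWS), parse(SPOKE_ROWS))
    print("lost ESP sequences:", [p.seq for p in lost])
    print("size bound (largest delivered, smallest lost):", size_threshold(ok, lost))
```

A non-`None` result means every lost packet was larger than every delivered one, which is the pattern a reduced path MTU produces; `None` points to loss that is not tied to packet size.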