VPN Connection through pfSense



  • Hello,

    I have a setup like this:

    Client1 as a part of my LAN - OS: Win7, VPN Software: ShrewSoft

    Server 1 in WAN - it's a Lancom 1781vaw

    Now when I start the connection, it ends with a timeout (in ShrewSoft Access Manager):

    
    attached to key daemon ...
    peer configured
    iskamp proposal configured
    esp proposal configured
    client configured
    local id configured
    remote id configured
    server cert configured
    client cert configured
    client key configured
    bringing up tunnel ...
    negotiation timout occurred
    tunnel disabled
    detached from key daemon
    
    

    In the ShrewSoft Debugger this appears 4 times:

    
    16/11/14 22:26:21 ii : fragmented packet to 1394 bytes ( MTU 1380 bytes )
    16/11/14 22:26:21 ii : fragmented packet to 1394 bytes ( MTU 1380 bytes )
    16/11/14 22:26:21 ii : fragmented packet to 414 bytes ( MTU 1380 bytes )
    16/11/14 22:26:21 -> : resend 1 phase1 packet(s) [2/2]
    
    

    Those packets are also routed to WAN (checked with Packet Capture on LAN and WAN).

    I've found something strange:
    I enter an MTU in ShrewSoft, and netsh interface ipv4 show interfaces shows me that the MTU still remains at 1500. Then I try with ping -l1500 and it doesn't work -> 1400 works! So I changed the MTU in the Windows Registry to 1380.

    I don't have access to the log files from the server.

    But this doesn't help... Do you have any ideas? Can you help me?



  • Removing the cross in this field works (System - Advanced - Firewall):

    Disable Firewall Scrub: Disables the PF scrubbing option which can sometimes interfere with NFS traffic.
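
    A small triage script for the debugger pattern in the question (fragmented phase1 sends that are resent with nothing coming back), as an added example that is not part of the original thread. The sample log is constructed from the four lines quoted above with made-up timestamps, and the `<- :` prefix for received packets is an assumption mirroring the `-> :` prefix shown in the post.

```python
import re

TS = r"(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d)"
FRAG = re.compile(TS + r" ii : fragmented packet to (?P<size>\d+) bytes \( MTU (?P<mtu>\d+) bytes \)")
RESEND = re.compile(TS + r" -> : resend (?P<n>\d+) phase1 packet\(s\)")
RECV = re.compile(TS + r" <- : ")  # assumption: prefix used for received packets


def triage(lines):
    """Group fragment lines under the phase1 resend that follows them."""
    sends, pending, received = [], [], 0
    for raw in lines:
        line = raw.strip()
        if m := FRAG.match(line):
            pending.append(int(m["size"]))
        elif m := RESEND.match(line):
            sends.append({"ts": m["ts"], "fragments": pending})
            pending = []
        elif RECV.match(line):
            received += 1
    fragmented = [s for s in sends if len(s["fragments"]) > 1]
    # Every resend was split into several IP fragments and the peer never
    # answered: check whether a device on the path drops or fails to
    # reassemble fragments (on pfSense, the scrub setting).
    suspect = len(sends) >= 2 and len(fragmented) == len(sends) and received == 0
    return {
        "resends": len(sends),
        "fragmented_resends": len(fragmented),
        "fragments_per_resend": sorted({len(s["fragments"]) for s in sends}),
        "received": received,
        "suspect_fragment_drop": suspect,
    }


# Constructed sample: the block from the post, repeated 4 times with
# made-up timestamps ("this appears 4 times").
BLOCK = """\
{t} ii : fragmented packet to 1394 bytes ( MTU 1380 bytes )
{t} ii : fragmented packet to 1394 bytes ( MTU 1380 bytes )
{t} ii : fragmented packet to 414 bytes ( MTU 1380 bytes )
{t} -> : resend 1 phase1 packet(s) [2/2]
"""
SAMPLE = "".join(BLOCK.format(t=f"16/11/14 22:26:{s}") for s in ("21", "26", "31", "36"))

if __name__ == "__main__":
    print(triage(SAMPLE.splitlines()))
```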