IPsec tunnel not working on SMB and HTTP



  • Hello

    I have a site-to-site IPsec tunnel between two pfSense boxes. Both are running pfSense 2.3.4. Everything was working fine before updating the firewalls to the latest version.

    Now I can do PING, SSH, Remote Desktop Connection and FTP between computers on both sites except:

    HTTP/HTTPS
    SAMBA (between Windows computers)

    About HTTP/HTTPS connections, when connecting to a web server from the opposite side (the direction doesn't matter) the browser (Chrome, Firefox, Opera) keeps waiting for the server until it times out. However, if I run tcpdump on both firewalls I see packets going in and out, so the browser speaks to the web server and gets a response. Also the web server log gets the requests. On the tab of the browser you can see the title of the website but that's it, nothing else is loaded.

    About SAMBA, on some servers it goes fine and I can transfer files at a 50Mb/s speed. On other servers it connects and I can see the directory list, but once I get into one of the folders it times out. On others it simply times out, no listing or anything is shown. It is not a rules issue or Internet bandwidth, and as I said it was working fine on all servers before the upgrade. I also checked this with tcpdump and the packets go back and forth.

    Has anyone experienced anything like that with the latest pfSense version? I'm getting really mad at this. Any ideas will be appreciated!



  • OK, I finally found the problem.

    MSS clamping was enabled and set to 1400. I had to decrease it to 1300 and now everything works fine.



  • I have the EXACT same issue. What's strange is the problem is only occurring one way. I decreased MSS clamping on both sides to 1300 and everything is working now.
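
Added example, not written by any of the posters above: the size arithmetic behind an MSS clamp on an IPv4 ESP tunnel, showing how much of the path MTU a full-size TCP segment consumes once encapsulated. The cipher profiles, MTU values and function names are assumptions; the thread does not state the tunnel's Phase 2 settings or the WAN MTU.

```python
# Added example: ESP tunnel-mode (IPv4) size arithmetic for picking an MSS clamp.
# Cipher profiles and MTU values are assumptions, not settings from the thread.
from collections import namedtuple

IPV4_HDR, TCP_HDR = 20, 20
ESP_HDR = 8        # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad-length byte + next-header byte
NATT_UDP_HDR = 8   # UDP encapsulation when NAT traversal is in use

# iv: bytes of IV on the wire, block: padding alignment, icv: integrity tag
EspProfile = namedtuple("EspProfile", "iv block icv")
AES_CBC_SHA1 = EspProfile(iv=16, block=16, icv=12)   # HMAC-SHA1-96
AES_GCM_16 = EspProfile(iv=8, block=4, icv=16)

def _fixed(p, natt):
    return IPV4_HDR + (NATT_UDP_HDR if natt else 0) + ESP_HDR + p.iv + p.icv

def esp_packet_size(inner_len, p, natt=False):
    """Outer packet size for an inner IP packet of inner_len bytes."""
    padded = -(-(inner_len + ESP_TRAILER) // p.block) * p.block  # round up
    return _fixed(p, natt) + padded

def max_safe_mss(path_mtu, p, natt=False):
    """Largest TCP MSS whose full-size segment fits path_mtu after ESP."""
    room = (path_mtu - _fixed(p, natt)) // p.block * p.block     # round down
    return room - ESP_TRAILER - IPV4_HDR - TCP_HDR

def fits(mss, path_mtu, p, natt=False):
    """True if a full-size segment at this MSS needs no fragmentation."""
    return esp_packet_size(mss + IPV4_HDR + TCP_HDR, p, natt) <= path_mtu

if __name__ == "__main__":
    cases = [("AES-CBC/SHA1", AES_CBC_SHA1, 1500, False),
             ("AES-CBC/SHA1 + NAT-T", AES_CBC_SHA1, 1500, True),
             ("AES-CBC/SHA1, PPPoE", AES_CBC_SHA1, 1492, False),
             ("AES-GCM-16", AES_GCM_16, 1500, False)]
    for name, prof, mtu, natt in cases:
        print(f"{name:22} mtu={mtu} max_mss={max_safe_mss(mtu, prof, natt)} "
              f"1400 fits={fits(1400, mtu, prof, natt)} "
              f"1300 fits={fits(1300, mtu, prof, natt)}")
```

Under the assumed AES-CBC/SHA1 profile on a 1500-byte path, an MSS of 1400 yields a 1512-byte ESP packet while 1300 yields 1400 bytes; NAT-T or a PPPoE link lowers the ceiling further.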

