Missing packets



  • Hi everybody,

    I have a dozen sites connected in a hub-and-spoke configuration via IPSEC.
    All sites use pfSense with no issues.
    Suddenly I started to experience connection issues to one site.

    To test it, I executed a packet capture on both firewalls on the IPSEC port while accessing a network share on the spoke site from the hub site.

    [image: hub-side packet capture]

    The hub-side capture above shows host 192.168.126.210 (hub site) starting an SMB connection (SMB Negotiate Protocol Request) to host 192.168.148.10 (spoke site).
    The Session Setup Request message gets split into 3 packets (1512 + 1512 + 313 Bytes), but only the last packet appears on the other side, as you can see below.

    [image: spoke-side packet capture]

    Also, in the first capture you can see the hub site retransmit the packet 5 times, but, again, they never appear at the spoke site.

    Capture files: hub.cap, spoke.cap

    The first thing I can see is that the missing packets are the bigger ones (1512 Bytes).
    The second is that reversing the test (accessing a share on the hub site from the spoke site) works flawlessly.

    What is going on?

    Regards,
    Corrado


  • LAYER 8 Netgate

    Something probably changed in the path MTU between the two sites. Try setting MSS Clamping to something like 1350 on both sides under VPN > IPsec, Advanced Settings.

    Note how the 192.168.148.10 site is reporting an 8960 MSS value. Someone playing with jumbo frames and screwed the pooch there?
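The two observations the thread rests on, frames above a certain size vanish between the captures while smaller ones get through, and one side advertises an unusually large MSS, can be pulled out of a pair of captures mechanically. The following Python is an added example, not code from the thread or from pfSense: it works on constructed segment summaries modelled on the screenshots (the hosts, the 1512 + 1512 + 313 byte split, the five retransmissions and the 1460 / 8960 MSS values are taken from the posts; the relative sequence numbers and the handshake and negotiate frame sizes are made up), rather than on the real hub.cap and spoke.cap.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Seg:
    """One TCP segment as a capture tool would summarise it (constructed, not parsed from a pcap)."""
    src: str
    dst: str
    seq: int                  # relative TCP sequence number (constructed values)
    length: int               # frame length on the wire, in bytes
    flags: str = "A"          # TCP flags, e.g. "S", "SA", "PA"
    mss: Optional[int] = None  # MSS option, only carried on SYN / SYN-ACK


HUB, SPOKE = "192.168.126.210", "192.168.148.10"

# Constructed hub-side capture: handshake, SMB negotiate, then a Session Setup Request
# split into 1512 + 1512 + 313 byte frames, the first of which is retransmitted 5 times.
HUB_CAP = [
    Seg(HUB, SPOKE, 0, 74, "S", 1460),
    Seg(SPOKE, HUB, 0, 74, "SA", 8960),   # spoke side announces a jumbo-sized MSS
    Seg(HUB, SPOKE, 1, 66),
    Seg(HUB, SPOKE, 1, 213, "PA"),        # Negotiate Protocol Request
    Seg(SPOKE, HUB, 1, 311, "PA"),        # Negotiate Protocol Response
    Seg(HUB, SPOKE, 160, 1512),           # Session Setup Request, part 1
    Seg(HUB, SPOKE, 1618, 1512),          # part 2
    Seg(HUB, SPOKE, 3076, 313, "PA"),     # part 3, the only part that arrives
] + [Seg(HUB, SPOKE, 160, 1512)] * 5      # five retransmissions of part 1

# Constructed spoke-side capture: everything the hub saw except the 1512-byte frames.
SPOKE_CAP = [s for s in HUB_CAP if s.length < 1500]


def _flow(cap, src, dst):
    return [s for s in cap if (s.src, s.dst) == (src, dst)]


def missing_segments(sent_cap, recv_cap, src, dst):
    """Segments src->dst the sender captured but the receiver never saw,
    mapped to how many times the sender tried (original + retransmissions)."""
    delivered = {(s.seq, s.length) for s in _flow(recv_cap, src, dst)}
    attempts = Counter((s.seq, s.length) for s in _flow(sent_cap, src, dst))
    return {key: n for key, n in attempts.items() if key not in delivered}


def loss_size_bounds(sent_cap, recv_cap, src, dst):
    """(largest frame that got through, smallest frame that did not).
    When loss is purely size-dependent, the usable path MTU lies between the two."""
    lost = missing_segments(sent_cap, recv_cap, src, dst)
    delivered = [s.length for s in _flow(recv_cap, src, dst)]
    return max(delivered, default=0), min((length for _, length in lost), default=None)


def advertised_mss(cap):
    """MSS option each host announced in its SYN or SYN-ACK."""
    return {s.src: s.mss for s in cap if "S" in s.flags and s.mss is not None}


def diagnose(sent_cap, recv_cap, src, dst, ethernet_mtu=1500):
    """Plain-language findings: size-dependent loss and an MSS too large for a
    standard Ethernet MTU (1500 - 20 IP - 20 TCP = 1460 bytes of segment)."""
    findings = []
    biggest_ok, smallest_lost = loss_size_bounds(sent_cap, recv_cap, src, dst)
    if smallest_lost is not None:
        findings.append(
            f"frames of {smallest_lost} B or more from {src} never reach {dst}; "
            f"largest delivered frame is {biggest_ok} B (path MTU problem between them)"
        )
    for host, mss in advertised_mss(sent_cap).items():
        if mss > ethernet_mtu - 40:
            findings.append(
                f"{host} advertises MSS {mss}, above the {ethernet_mtu - 40} that a "
                f"{ethernet_mtu}-byte Ethernet MTU allows: jumbo frames on that LAN?"
            )
    return findings


if __name__ == "__main__":
    for line in diagnose(HUB_CAP, SPOKE_CAP, HUB, SPOKE):
        print(line)
    print("reverse direction missing:", missing_segments(HUB_CAP, SPOKE_CAP, SPOKE, HUB))
```

Matching on (sequence number, frame length) collapses the retransmissions into one lost segment with an attempt count, which is what distinguishes "the path drops anything this big" from random loss; the reverse-direction check comes back empty because every spoke-to-hub frame is small, matching the original poster's observation that the test works the other way round.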

