Missing packets

  • Hi everybody,

    I have a dozen sites connected in a hub-and-spoke configuration via IPsec.
    All sites use pfSense with no issues.
    Suddenly I started to experience connection issues to one site.

    To test it, I executed a packet capture on both firewalls on the IPsec port while accessing a network share on the spoke site from the hub site.


    The hub side capture above shows the host (hub site) starting an SMB connection (SMB Negotiate Protocol Request) to the host (spoke site).
    The Session Setup Request message gets split into 3 packets (1512 + 1512 + 313 bytes), but only the last packet appears on the other side, as you can see below.


    Also, in the first capture you can see the hub site retransmit the packet 5 times, but, again, they never appear at the spoke site.

    Capture files: hub.cap spoke.cap

    The first thing I can see is that the missing packets are the bigger ones (1512 bytes).
    The second is that reversing the test (accessing a share on the hub site from the spoke site) works flawlessly.

    What is going on?


  • LAYER 8 Netgate

    Something probably changed in the path MTU between the two sites. Try setting MSS Clamping to something like 1350 on both sides under VPN > IPsec, Advanced Settings.

    Note how the site is reporting an 8960 MSS value. Someone playing with jumbo frames and screwed the pooch there?
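    As an added illustration (not code from this thread or from pfSense): a small Python script that compares a sender-side and a receiver-side capture summary to list the segments that never arrived, reports the size boundary between delivered and lost frames, and derives a clamping MSS from an assumed path MTU and an assumed per-tunnel IPsec overhead. The capture lines are constructed samples, not the posted hub.cap / spoke.cap, and the 60-byte overhead figure used below is illustrative.

```python
import re

# Constructed sample capture summaries (tshark-style lines), not the thread's
# hub.cap / spoke.cap.  Fields: frame no, src, dst, TCP seq, frame length.
HUB_CAPTURE = """\
1 10.0.1.10 10.0.2.20 seq=1 len=213
2 10.0.1.10 10.0.2.20 seq=160 len=1512
3 10.0.1.10 10.0.2.20 seq=1618 len=1512
4 10.0.1.10 10.0.2.20 seq=3076 len=313
5 10.0.1.10 10.0.2.20 seq=160 len=1512
"""
SPOKE_CAPTURE = """\
1 10.0.1.10 10.0.2.20 seq=1 len=213
2 10.0.1.10 10.0.2.20 seq=3076 len=313
"""
LINE_RE = re.compile(r"^\d+\s+(\S+)\s+(\S+)\s+seq=(\d+)\s+len=(\d+)$")

def parse_capture(text):
    """Set of (src, dst, seq, length); retransmits of a segment collapse to one."""
    segments = set()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            src, dst, seq, length = m.groups()
            segments.add((src, dst, int(seq), int(length)))
    return segments

def missing_segments(sender_text, receiver_text):
    """Segments seen leaving the sender that never appear at the receiver."""
    lost = parse_capture(sender_text) - parse_capture(receiver_text)
    return sorted(lost, key=lambda s: s[2])

def size_threshold(sender_text, receiver_text):
    """(largest frame that arrived, smallest frame lost, or None if nothing
    was lost).  A clean split between the two is the classic path-MTU signature."""
    sent = parse_capture(sender_text)
    lost = set(missing_segments(sender_text, receiver_text))
    arrived = sent - lost
    return (max(s[3] for s in arrived), min((s[3] for s in lost), default=None))

def recommended_mss(path_mtu, ipsec_overhead):
    """Largest TCP MSS whose encapsulated packet still fits path_mtu.
    ipsec_overhead is an assumed, tunnel-specific figure (outer IP, ESP
    header/IV/padding/ICV, NAT-T UDP if used); 20 + 20 = inner IP + TCP."""
    return path_mtu - ipsec_overhead - 20 - 20
```

    Run against real captures, feed it one summary line per TCP segment from each side; the two 1512-byte segments show up as lost while the 313-byte one arrives, matching the symptom in the thread.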
