site to site loosing html trafic
-
i followed instructions on creating a site to site vpn (https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-psk.html)
the VPN has been working great until a couple of days ago. Now some traffic works and some doesn't. I Tested: ping, it pings between both locations.
remote desktop, can connect in either direction.
DNS: seems to update in either direction.
any HTML traffic seems to be lost. example surveillance system at each location can't be accessed from the other building. This used to work. Also it doesn't matter if it's https or http. though i can access the other location pfsense from the other location.
Both locations are ver2.7.0
both locations have IPsec rules protocol any, source any, destination any
Thanks for any ideas. I am rather new to ipsec and VPN. But generally good at following instructions. -
after much searching and trial and some error. I think i have solved the problem. It seemed to be loosing or having packets getting corrupted or out of order as i have seen some documents describe it. I ended up changing the maximum MSS on one firewall. Since i am new at this, it took a long time to find this setting so i will include it here for others that may be having similar problems.
system, advanced. firewall & nat tab
Scroll down to VPN packet processing, check box enable MSS clamping on VPN traffic. Maximum MSS 1400.
I disconnected the VPN and let it reconnect, just to make sure changes happened. After that print jobs between builds and web pages worked again.
Thanks.