Netgate Discussion Forum
    IPSEC 1418 MTU Limit

    IPsec
RPCCIMS

Hi

We have been successfully using PFSENSE for about a year as a perimeter firewall. We have three WAN connections (separate ISPs). We have just set up our first IPSEC tunnel with a partner that uses CISCO and discovered the MAX 1418 packet size limit for the tunnel with PFSENSE. As a workaround we decreased the WAN connection (the one using the tunnel) to an MTU of 1400. This seems to correct the Black Hole issue with the tunnel, but we are now getting clients and customers that access a service we provide through HTTPS complaining of slowness when coming through the WAN interface with the 1400 MTU.

Is there any way to correct the IPSEC Black Hole issue without having to change the WAN interface MTU to a non-optimal setting? Searches about this issue on the NET indicate that both Monowall and PFSENSE have had the issue for a long time and it still exists in 1.2.3. Is there a patch, and if not, is this serious problem going to be fixed soon? I suggest at least making users of PFSENSE aware when setting up the IPSEC tunnel through some type of message.

Thanks in advance
Bob


seank

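As an added example (not from this thread, and not pfSense code), a Python sketch of the arithmetic behind the problem: ESP tunnel-mode overhead for two standard cipher profiles, and the TCP MSS clamp that lets tunnel-bound flows fit while the WAN MTU stays at 1500 instead of being lowered for all traffic. The header sizes are standard ESP values; which cipher profile this tunnel used is not stated in the post, and the 1418 figure is taken from the post as an observed value rather than derived.

```python
"""Added example: ESP tunnel-mode overhead, inner MTU and MSS clamp.
Cipher profiles and header sizes are standard ESP values (assumed here,
not taken from the thread); 1418 is the figure observed in the post."""
from dataclasses import dataclass

IPV4_HDR = 20       # outer IPv4 header added by tunnel mode
ESP_HDR = 8         # SPI (4) + sequence number (4)
ESP_TRAILER = 2     # pad length (1) + next header (1)
UDP_HDR = 8         # NAT-Traversal encapsulation, if in use
TCP_IPV4_HDRS = 40  # inner IPv4 (20) + TCP (20), for the MSS derivation

@dataclass(frozen=True)
class EspProfile:
    name: str
    iv_len: int    # IV bytes carried at the start of the ESP payload
    block: int     # payload + trailer is padded to a multiple of this
    icv_len: int   # integrity check value appended after the trailer

PROFILES = [
    EspProfile("AES-CBC + HMAC-SHA1-96", iv_len=16, block=16, icv_len=12),
    EspProfile("3DES-CBC + HMAC-SHA1-96", iv_len=8, block=8, icv_len=12),
]

def max_inner_packet(profile: EspProfile, outer_mtu: int = 1500,
                     nat_t: bool = False) -> int:
    """Largest inner IP packet that fits one outer packet unfragmented."""
    fixed = (IPV4_HDR + ESP_HDR + profile.iv_len + profile.icv_len
             + (UDP_HDR if nat_t else 0))
    room = outer_mtu - fixed                 # payload + padding + trailer
    aligned = room - (room % profile.block)  # padded region is block-aligned
    return aligned - ESP_TRAILER

def mss_clamp(inner_mtu: int) -> int:
    """TCP MSS to advertise so segments never exceed the tunnel's inner MTU."""
    return inner_mtu - TCP_IPV4_HDRS

def would_black_hole(packet_len: int, inner_mtu: int, df: bool) -> bool:
    """A DF packet larger than the inner MTU is dropped; when the ICMP
    'fragmentation needed' never reaches the sender, the flow stalls."""
    return df and packet_len > inner_mtu

if __name__ == "__main__":
    for p in PROFILES:
        for nat_t in (False, True):
            inner = max_inner_packet(p, nat_t=nat_t)
            print(f"{p.name:25s} NAT-T={nat_t!s:5s} inner MTU {inner} "
                  f"-> MSS clamp {mss_clamp(inner)}")
    print("Observed 1418 limit -> MSS clamp", mss_clamp(1418))
    print("1500-byte DF packet black-holed at 1418:",
          would_black_hole(1500, 1418, df=True))
```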
        Any updates to this? I'm about to go back to my Linux/StrongSWAN based firewall.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.