4. IPSec Tunnel fails –-

IPSec Tunnel fails –-

  • P

    Good Morning,

    I have a pfSense 2.0.1 with two IPSec tunnels.

    Tunnel one is to a pfSense 1.2.3 while Tunnel 2 is a pfSense 2.0.1 box.

    Tunnel one stays up and seems to be fine.  Tunnel 2 keeps dropping Putty sessions on what appear to be Large Packet errors. I changed the WAN MTU on the Tunnel 2 end from default (1500) to 1486 but it failed again just now. Putty error: "Software Error Connection Aborted"

    Any ideas ?

    TIA ==

    0
  • Rebel Alliance Developer Netgate

    On pfSense 1.2.3, the "MTU" value on WAN actually set MSS Clamping (assuming you didn't disable scrub).

    The equivalent setting on 2.0 would be under System > Advanced, on the Misc tab, check the box for MSS clamping on VPNs and then enter the same value there that you enter on the 1.2.3 box's WAN MTU.

    Leave the MTU on pfSense 2.0.x as default.

    0
  • P

    So I changed the Remote end of Tunnel 2 (The one that Fails with large packets) and no joy –

    Do I have to change both ends ?  Or is a reboot required on the remote Tunnel 2 end ?

    TIA..

    PS: Tunnel 1 to the older version of pfSense is defaulted so (1500) .

    0
  • Rebel Alliance Developer Netgate

    It should match on both sides.

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy