Netgate Discussion Forum

    IPSec Tunnel fails –-

    4 Posts 2 Posters 2.1k Views
      Phonebuff

      Good Morning,

      I have a pfSense 2.0.1 with two IPSec tunnels.

      Tunnel one is to a pfSense 1.2.3 while Tunnel 2 is a pfSense 2.0.1 box.

      Tunnel one stays up and seems to be fine. Tunnel 2 keeps dropping PuTTY sessions on what appear to be Large Packet errors. I changed the WAN MTU on the Tunnel 2 end from default (1500) to 1486 but it failed again just now. PuTTY error: "Software Error Connection Aborted"

      Any ideas?

      TIA ==

        jimp Rebel Alliance Developer Netgate

        On pfSense 1.2.3, the "MTU" value on WAN actually set MSS Clamping (assuming you didn't disable scrub).

        The equivalent setting on 2.0 would be under System > Advanced, on the Misc tab, check the box for MSS clamping on VPNs and then enter the same value there that you enter on the 1.2.3 box's WAN MTU.

        Leave the MTU on pfSense 2.0.x as default.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!
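Why clamping matters on an IPsec tunnel, as an added example that is not part of the original posts: ESP tunnel mode wraps every inner packet in extra headers, so a full-size TCP segment no longer fits the WAN MTU unless the MSS is lowered on both ends. Assumptions: IPv4, AES-CBC with HMAC-SHA1-96 (16-byte IV, 16-byte block, 12-byte ICV) and a 1500-byte path MTU; none of these values come from the thread, and the function names are hypothetical.

```python
# Added example: ESP tunnel-mode overhead and the largest TCP MSS that fits.
# Cipher parameters are assumptions, not values taken from the thread.

IPV4_HDR = 20      # IPv4 header without options
TCP_HDR = 20       # TCP header without options
ESP_HDR = 8        # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2    # pad length (1 byte) + next header (1 byte)
NATT_UDP_HDR = 8   # UDP encapsulation header when NAT-T is in use


def esp_packet_size(inner_len, iv_len, block_size, icv_len, nat_t=False):
    """On-the-wire size of an ESP tunnel-mode packet carrying inner_len bytes."""
    # Inner packet plus trailer is padded up to a multiple of the block size.
    to_encrypt = inner_len + ESP_TRAILER
    padded = -(-to_encrypt // block_size) * block_size  # ceiling division
    outer = IPV4_HDR + (NATT_UDP_HDR if nat_t else 0)
    return outer + ESP_HDR + iv_len + padded + icv_len


def max_inner_packet(path_mtu, iv_len, block_size, icv_len, nat_t=False):
    """Largest inner IP packet whose encapsulated form still fits path_mtu."""
    outer = IPV4_HDR + (NATT_UDP_HDR if nat_t else 0)
    room = path_mtu - outer - ESP_HDR - iv_len - icv_len
    if room < block_size:
        raise ValueError("path MTU too small for this ESP configuration")
    # Only whole cipher blocks fit; the trailer occupies 2 bytes of the last one.
    return (room // block_size) * block_size - ESP_TRAILER


def max_mss(path_mtu, iv_len, block_size, icv_len, nat_t=False):
    """Largest TCP MSS that avoids fragmentation of the ESP packet."""
    inner = max_inner_packet(path_mtu, iv_len, block_size, icv_len, nat_t)
    return inner - IPV4_HDR - TCP_HDR


if __name__ == "__main__":
    aes_cbc_sha1 = dict(iv_len=16, block_size=16, icv_len=12)  # assumed proposal
    # A full 1500-byte inner packet grows past a 1500-byte WAN MTU.
    print("1500-byte inner packet on the wire:",
          esp_packet_size(1500, **aes_cbc_sha1))
    for nat_t in (False, True):
        print("NAT-T" if nat_t else "plain ESP",
              "max inner packet:", max_inner_packet(1500, nat_t=nat_t, **aes_cbc_sha1),
              "max MSS:", max_mss(1500, nat_t=nat_t, **aes_cbc_sha1))
```

The result is the MSS as carried in the TCP SYN; how a given pfSense field translates its entered value into that MSS is not covered by this example.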

          Phonebuff

          So I changed the Remote end of Tunnel 2 (The one that Fails with large packets) and no joy –

          Do I have to change both ends? Or is a reboot required on the remote Tunnel 2 end?

          TIA..

          PS: Tunnel 1 to the older version of pfSense is defaulted so (1500).

            jimp Rebel Alliance Developer Netgate

            It should match on both sides.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.