IPSec Tunnel fails

  • Good Morning,

    I have a pfSense 2.0.1 with two IPSec tunnels.

    Tunnel one is to a pfSense 1.2.3 while Tunnel 2 is a pfSense 2.0.1 box.

    Tunnel one stays up and seems to be fine. Tunnel 2 keeps dropping PuTTY sessions on what appear to be large packet errors. I changed the WAN MTU on the Tunnel 2 end from default (1500) to 1486 but it failed again just now. PuTTY error: "Software Error Connection Aborted"

    Any ideas?

    TIA

  • Rebel Alliance Developer Netgate

    On pfSense 1.2.3, the "MTU" value on WAN actually set MSS Clamping (assuming you didn't disable scrub).

    The equivalent setting on 2.0 would be under System > Advanced, on the Misc tab, check the box for MSS clamping on VPNs and then enter the same value there that you enter on the 1.2.3 box's WAN MTU.

    Leave the MTU on pfSense 2.0.x as default.

  • So I changed the remote end of Tunnel 2 (the one that fails with large packets) and no joy.

    Do I have to change both ends? Or is a reboot required on the remote Tunnel 2 end?

    PS: Tunnel 1 to the older version of pfSense is left at default (1500).

  • Rebel Alliance Developer Netgate

    It should match on both sides.
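
As an added example (not part of the thread and not pfSense code), the sketch below computes the largest TCP MSS that still fits in a single ESP tunnel-mode packet, which is the ceiling MSS clamping is meant to enforce on both ends. The cipher and hash choices are assumptions, since the thread does not say what the tunnel negotiates; IPv4 and TCP headers are assumed to carry no options.

```python
# Added example: ESP tunnel-mode overhead and the TCP MSS that avoids fragmentation.
# Assumptions (not from the thread): IPv4 without options, TCP without options.
IPV4 = 20
TCP = 20
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad-length byte + next-header byte, inside the ciphertext
NATT_UDP = 8      # UDP header added when NAT traversal encapsulation is in use

CIPHERS = {"aes-cbc": (16, 16), "3des-cbc": (8, 8)}     # name: (IV, block) bytes
AUTHS = {"hmac-sha1-96": 12, "hmac-sha2-256-128": 16}   # name: ICV bytes


def esp_size(inner, cipher, auth, nat_t=False):
    """Size on the wire of an inner IPv4 packet after ESP tunnel-mode wrapping."""
    iv, block = CIPHERS[cipher]
    enc = inner + ESP_TRAILER
    enc += -enc % block                      # pad ciphertext to a whole block
    return IPV4 + (NATT_UDP if nat_t else 0) + ESP_HDR + iv + enc + AUTHS[auth]


def max_inner_packet(link_mtu, cipher, auth, nat_t=False):
    """Largest inner IPv4 packet whose wrapped form still fits link_mtu."""
    iv, block = CIPHERS[cipher]
    fixed = IPV4 + ESP_HDR + iv + AUTHS[auth] + (NATT_UDP if nat_t else 0)
    room = link_mtu - fixed                  # bytes available for ciphertext
    room -= room % block                     # only whole blocks can be used
    return room - ESP_TRAILER


def max_mss(link_mtu, cipher, auth, nat_t=False):
    """Largest TCP payload per segment that avoids fragmenting the ESP packet."""
    return max_inner_packet(link_mtu, cipher, auth, nat_t) - IPV4 - TCP


if __name__ == "__main__":
    # 1500 and 1486 are the WAN MTU values mentioned in the thread.
    for mtu in (1500, 1486):
        for nat_t in (False, True):
            mss = max_mss(mtu, "aes-cbc", "hmac-sha1-96", nat_t)
            print(f"link MTU {mtu}, NAT-T {nat_t}: max TCP MSS {mss}")
```

A TCP segment one byte over the computed MSS spills into another cipher block, which is why the wrapped size jumps past the link MTU rather than growing by one byte.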
