List: pfsense-discussion
Subject: Re: [pfSense] ipsec and multi-wan
From: Gregory K Shenaut <gkshenaut () UCDAVIS ! EDU>
Date: 2015-03-24 3:09:27
Message-ID: E5CE1ED5-0A08-4855-A1C5-BA0D28057753 () ucdavis ! edu
> On Mar 23, 2015, at 17:31 , Chris Buechler <cmb@pfsense.org> wrote:
>
> On Thu, Mar 19, 2015 at 12:48 PM, Gregory K Shenaut
> <gkshenaut@ucdavis.edu> wrote:
> > Hi, I have a system with two sites. One of the sites has two WAN connections, the
> > other one. I have an IPSEC tunnel passing all traffic between the two sites. I'm
> > having some difficulty with site-to-site access. I can ping anything in either
> > site from either site, but can't do much of anything else. For example, I can't
> > open web pages across the tunnel: sometimes I get nothing, sometimes a hundred or
> > so characters then nothing else. When I try to transfer lots of data across the
> > tunnel, typically I get some initial data, again a hundred or so characters, then
> > it hangs, and, frequently, the tunnel itself goes down and I have to wait for it
> > to re-establish itself.
>
> Almost certainly needing MSS clamping. Advanced settings tab, check
> that box there. Then start new connections (may want to kill states
> just to make really sure), and things will probably work.
This worked like a champ! I didn't know that option existed. Thank you.
Greg
> > I've tried all sorts of things, and I believe that there may be a problem in routing
> > due to the dual-WAN setup on one of the sites. I'm not entirely certain, but it's
> > possible the problem began when I set up dual-WAN.
> >
> > I'm on pfsense 2.2.1.
> >
> > There is a sentence in the documentation at
> > <https://doc.pfsense.org/index.php/VPN_Capability_IPsec> under Prerequisites:
> > > If pfSense is not the default gateway on the LAN where it is installed, static
> > > routes must be added to the default gateway, pointing the remote VPN subnet to
> > > the IP address on pfSense in the LAN subnet.
> >
>
> Is that actually the case? VPN is on a separate box from the default
> gateway on the LAN?
>
> > I've tried adding various static routes based on my understanding of that
> > sentence, but they haven't helped, which is why I'm asking this question.
> > First, preliminary question: when you make a change to the System > Static Routes
> > web page and apply it, it seems like sometimes older routes aren't deleted. Is it
> > necessary to reboot every time you change the static routes to make sure that you
> > get rid of ones you deleted or deactivated?
>
> Never necessary to reboot. Where are you seeing they're still there?
> Routes being there after you deleted the static route is generally
> indicative of something else adding them back, like a dynamic routing
> protocol, or them being in an OpenVPN client or server, or similar.
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold