I wrote a while back with my IPsec-related problems. I have narrowed it down:
1) my m0n0-to-m0n0 IPsec tunnel comes up when needed (I am running 1.11).
All firewall rules allow fragmented packets.
2) short packets (pings, SSH negotiations) traverse the link fine
3) Longer packets get dropped. I have confirmed this with tcpdump. When I
change the client MTU to 1400 everything works fine, but I need a more
systemic solution because I will not have access to all potential clients.
Does anyone have any suggestions? Vincent Fleuranceau suggested using 1.2b3,
and I did, but the problem persisted, so I returned to the stable version.
I have a feeling that I am overlooking something obvious and I would really
appreciate any pointers for troubleshooting this.
Thank you in advance,