 From:  Mike Robison <mrobison at wts dot edu>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  ssh over an ipsec site to site tunnel
 Date:  Wed, 25 Jan 2012 10:51:27 -0500
    I'm attempting to run an ssh connection over an ipsec site to site
tunnel and I'm running into MTU issues. I have a workaround that works, but
it doesn't feel proper. I've got two m0n0walls (v1.33) set up as the end
points in the ipsec tunnel, connecting two subnets. Running ifconfig on
either tells me that the MTU is at 1500. When I attempt to ssh from one
subnet to the other, the connection hangs when running commands like ls -la
or ps aux. After some poking around, I found that both my ssh client and
server have their MTU set to 1500. I changed the client to 1440 and the ssh
connection works like a charm. What I think is happening is this: The ipsec
tunnel is not properly reforming the ssh packets at the end of the tunnel,
thereby causing the ssh tunnel to collapse.
   Has anyone else discovered a better solution than modifying the MTU of
the ssh client? That is to say, is there a suggested way of ensuring the
ipsec tunnel properly reforms the packets in M0n0wall itself? Or do I
actually not understand what is going on here?
Mike Robison
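
Added example, not part of the original message: ESP tunnel mode wraps every packet in extra headers, so a full 1500-byte packet from an ssh host cannot cross a 1500-byte link in one piece. The sketch below works out the encapsulated size and the largest inner packet that still fits. The cipher suites are assumptions (the message does not name the tunnel's algorithms) and all function names are illustrative.

```python
# Added example: ESP tunnel-mode size arithmetic (packet layout per RFC 4303).
# The suites listed are assumed; the message does not state the tunnel's algorithms.
from collections import namedtuple

OUTER_IPV4 = 20    # outer IPv4 header, no options
ESP_HEADER = 8     # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1)
NAT_T_UDP = 8      # extra UDP header when NAT traversal is in use
INNER_IP_TCP = 40  # inner IPv4 (20) + TCP (20), no options

# iv: per-packet IV bytes, block: cipher block size, icv: truncated MAC bytes
Suite = namedtuple("Suite", "iv block icv")
SUITES = {
    "3des-cbc/hmac-sha1-96": Suite(iv=8, block=8, icv=12),
    "aes-cbc/hmac-sha1-96": Suite(iv=16, block=16, icv=12),
}

def fixed_overhead(suite, nat_t=False):
    """Bytes added to every packet regardless of its length."""
    extra = NAT_T_UDP if nat_t else 0
    return OUTER_IPV4 + ESP_HEADER + suite.iv + suite.icv + extra

def esp_packet_size(inner_len, suite, nat_t=False):
    """On-the-wire size of one ESP packet carrying an inner_len-byte IP packet."""
    plaintext = inner_len + ESP_TRAILER
    padded = -(-plaintext // suite.block) * suite.block  # round up to block size
    return fixed_overhead(suite, nat_t) + padded

def max_inner_packet(link_mtu, suite, nat_t=False):
    """Largest inner IP packet that fits in link_mtu without fragmentation."""
    room = (link_mtu - fixed_overhead(suite, nat_t)) // suite.block * suite.block
    if room <= ESP_TRAILER:
        raise ValueError("link MTU too small for this suite")
    return room - ESP_TRAILER

def max_tcp_mss(link_mtu, suite, nat_t=False):
    """TCP MSS to clamp to so that full segments fit through the tunnel."""
    return max_inner_packet(link_mtu, suite, nat_t) - INNER_IP_TCP

if __name__ == "__main__":
    for name, suite in SUITES.items():
        for inner in (1500, 1440):  # the two host MTUs mentioned in the message
            wire = esp_packet_size(inner, suite)
            verdict = "fits" if wire <= 1500 else "too big"
            print(f"{name}: inner {inner} -> {wire} on the wire ({verdict})")
        print(f"{name}: max inner {max_inner_packet(1500, suite)}, "
              f"MSS {max_tcp_mss(1500, suite)}")
```

Short interactive traffic fits either way; only full-size segments, such as the output of a long directory listing, exceed the link MTU once encapsulated.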