On 05/30/2013 01:07 AM, Ludvik Roubicek wrote:
> I have problem with 2 m0n0walls running on ALIX's configured to connect
> thru IPSec tunnel each other.
> The problem might be of course between their providers or let's say
> providers networks (some traffic shaping and so on).
> Do you have any idea how to solve the problem? I've tried to check it by
> Wireshark, but I cannot find something meaningfull. I know, that
> Provider1 (UPC) limits somehow upload but I don't know how and how to
> avoid the problem.
I too think it is an MTU issue. And m0n0wall blockes fragmented IPSEC
packets by default. You might try allowing "Allow fragmented IPsec
packets" under System -> Advanced in the firewall section. Do it on
both sides. Also, use Aggressive, Blowfish, and MD% for the lightest
load while still encrypted.