 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Problem with slow and nonreliable IPSec tunnel
 Date:  Thu, 30 May 2013 08:32:57 -0500
On 05/30/2013 01:07 AM, Ludvik Roubicek wrote:
> Hello,
> I have a problem with 2 m0n0walls running on ALIX's configured to connect
> to each other thru an IPSec tunnel.
> The problem might be of course between their providers or let's say
> providers networks (some traffic shaping and so on).

> Do you have any idea how to solve the problem? I've tried to check it by
> Wireshark, but I cannot find anything meaningful. I know that
> Provider1 (UPC) limits somehow upload but I don't know how and how to
> avoid the problem.

I too think it is an MTU issue.  And m0n0wall blocks fragmented IPSEC
packets by default.  You might try allowing "Allow fragmented IPsec
packets" under System -> Advanced in the firewall section.  Do it on
both sides.  Also, use Aggressive, Blowfish, and MD5 for the lightest
load while still encrypted.