Kris Maglione wrote:
I secure my wireless network with IPsec. The rules are generated with a Perl script (included below) with a rule for each IP in the range 192.168.1.3-192.168.1.254 (.2 is my AP). The key exchange is handled by racoon and works without issue. I have "allow ip from any to any" as my first ipfw rule when on this network. My firewall allows DHCP and ISAKMP traffic unencrypted and allows only ESP traffic otherwise.
My problem is that certain websites tend not to work. I can look them up and make a connection, but I get no incoming packets, although on occasion they do work. Google is one such site. Also, it seems that images don't always load for any site. Neither firewall is blocking the traffic. When I make an OpenVPN link over the connection (it's easier than disabling IPsec, since it's already set up for when I'm away from home), the same websites work fine.
The problem turned out to be that with the overhead of the IPsec headers, I needed to decrease the MTUs of both interfaces.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
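
The MTU fix described in the message above, worked through as an added example (not part of the original post): it computes how many bytes ESP adds to an IPv4 packet and the largest packet that still fits the link. The transforms (AES-CBC or 3DES-CBC with a 96-bit HMAC), the 1500-byte link MTU and all function names are assumptions; the message does not say which transforms or mode were in use.

```python
# Added example: ESP size arithmetic for IPv4 (RFC 4303 packet layout).
# Cipher parameters and the 1500-byte link MTU are assumptions, not values
# taken from the original message.
IP_HDR = 20       # IPv4 header without options
TCP_HDR = 20      # TCP header without options
ESP_HDR = 8       # SPI (4) + sequence number (4)
ESP_TRAILER = 2   # pad length (1) + next header (1)


def _align(block):
    # Ciphertext must end on a 4-byte boundary and on a cipher block boundary.
    return max(block, 4)


def esp_packet_size(inner_len, block=16, iv=16, icv=12, tunnel=True):
    """On-wire IPv4 size after ESP for an original packet of inner_len bytes."""
    # Tunnel mode encrypts the whole original packet; transport mode keeps the
    # original IP header in clear and encrypts only what follows it.
    payload = inner_len if tunnel else inner_len - IP_HDR
    a = _align(block)
    encrypted = -(-(payload + ESP_TRAILER) // a) * a   # round up to alignment
    return IP_HDR + ESP_HDR + iv + encrypted + icv


def max_inner_size(link_mtu, block=16, iv=16, icv=12, tunnel=True):
    """Largest original packet whose ESP form still fits in link_mtu."""
    a = _align(block)
    room = link_mtu - IP_HDR - ESP_HDR - iv - icv
    payload = room // a * a - ESP_TRAILER              # round down, drop trailer
    return payload if tunnel else payload + IP_HDR


def tcp_mss(mtu):
    """TCP payload per segment for a given interface MTU."""
    return mtu - IP_HDR - TCP_HDR


if __name__ == "__main__":
    transforms = [("AES-CBC + HMAC-SHA1-96", dict(block=16, iv=16, icv=12)),
                  ("3DES-CBC + HMAC-MD5-96", dict(block=8, iv=8, icv=12))]
    for name, kw in transforms:
        for tunnel in (True, False):
            mtu = max_inner_size(1500, tunnel=tunnel, **kw)
            mode = "tunnel" if tunnel else "transport"
            print(f"{name:24} {mode:9} full 1500-byte packet -> "
                  f"{esp_packet_size(1500, tunnel=tunnel, **kw)} bytes on wire; "
                  f"usable MTU {mtu}, TCP MSS {tcp_mss(mtu)}")
```

Under these assumed transforms a full 1500-byte packet no longer fits a 1500-byte link once ESP is applied, so it is fragmented, or dropped when fragmentation is not allowed, unless the interface MTU is lowered to the computed value.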