On Thu, Mar 19, 2015 at 12:48 PM, Gregory K Shenaut
<gkshen...@ucdavis.edu> wrote:
> Hi, I have a system with two sites. One of the sites has two WAN connections, 
> the other one. I have an IPSEC tunnel passing all traffic between the two 
> sites. I'm having some difficulty with site-to-site access. I can ping 
> anything in either site from either site, but can't do much of anything else. 
> For example, I can't open web pages across the tunnel: sometimes I get 
> nothing, sometimes a hundred or so characters then nothing else. When I try 
> to transfer lots of data across the tunnel, typically I get some initial 
> data, again a hundred or so characters, then it hangs, and, frequently, the 
> tunnel itself goes down and I have to wait for it to re-establish itself.
>

Almost certainly needing MSS clamping. Advanced settings tab, check
that box there. Then start new connections (may want to kill states
just to make really sure), and things will probably work.


> I've tried all sorts of things, and I believe that there may be a problem in 
> routing due to the dual-WAN setup on one of the sites. I'm not entirely 
> certain, but it's possible the problem began when I set up dual-WAN.
>
> I'm on pfSense 2.2.1.
>
> There is a sentence in the documentation at 
> <https://doc.pfsense.org/index.php/VPN_Capability_IPsec> under Prerequisites:
>
>> If pfSense is not the default gateway on the LAN where it is installed, 
>> static routes must be added to the default gateway, pointing the remote VPN 
>> subnet to the IP address on pfSense in the LAN subnet.
>

Is that actually the case? VPN is on a separate box from the default
gateway on the LAN?


> I've tried adding various static routes based on my understanding of that 
> sentence, but they haven't helped, which is why I'm asking this question.
>
> First, preliminary question: when you make a change to the System > Static 
> Routes web page and apply it, it seems like sometimes older
> routes aren't deleted. Is it necessary to reboot every time you change the 
> static routes to make sure that you get rid of ones you deleted or
> deactivated?

Never necessary to reboot. Where are you seeing they're still there?
Routes being there after you deleted the static route is generally
indicative of something else adding them back, like a dynamic routing
protocol, or them being in an OpenVPN client or server, or similar.
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
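
The failure mode the reply points at (small packets such as pings pass, full-size TCP segments do not), worked through as an added example that is not part of the original thread or of pfSense. The two cipher profiles are assumptions, since the thread does not state the tunnel's proposal; the byte counts are the standard ESP tunnel-mode values for IPv4.

```python
"""Added example: ESP tunnel-mode overhead and the TCP MSS that fits inside it.
The thread does not say which proposal the tunnel uses, so the two cipher
profiles below are assumptions chosen for illustration."""
from dataclasses import dataclass

OUTER_IPV4 = 20      # outer IPv4 header added by tunnel mode
ESP_HEADER = 8       # SPI + sequence number
ESP_TRAILER = 2      # pad-length + next-header bytes (inside the ciphertext)
NAT_T_UDP = 8        # UDP encapsulation when NAT traversal is active
INNER_IP_TCP = 40    # inner IPv4 + TCP headers without options

@dataclass(frozen=True)
class EspProfile:
    iv: int      # bytes of IV carried in each packet
    block: int   # alignment required for the encrypted payload
    icv: int     # integrity check value length

AES_CBC_SHA1 = EspProfile(iv=16, block=16, icv=12)   # assumed: AES-CBC + HMAC-SHA1-96
AES_GCM_16 = EspProfile(iv=8, block=4, icv=16)       # assumed: AES-GCM, 16-byte ICV

def _fixed(p, nat_t):
    """Per-packet bytes that do not depend on the payload length."""
    return OUTER_IPV4 + (NAT_T_UDP if nat_t else 0) + ESP_HEADER + p.iv + p.icv

def outer_size(inner_len, p, nat_t=False):
    """On-the-wire size of one inner IP packet after ESP encapsulation."""
    padded = -(-(inner_len + ESP_TRAILER) // p.block) * p.block  # round up
    return _fixed(p, nat_t) + padded

def max_inner_packet(wan_mtu, p, nat_t=False):
    """Largest inner packet that still fits the WAN MTU unfragmented."""
    room = (wan_mtu - _fixed(p, nat_t)) // p.block * p.block     # round down
    return room - ESP_TRAILER

def clamp_mss(wan_mtu, p, nat_t=False):
    """Highest TCP MSS whose full-size segments survive the tunnel."""
    return max_inner_packet(wan_mtu, p, nat_t) - INNER_IP_TCP

if __name__ == "__main__":
    for name, size in (("84-byte ping", 84), ("1500-byte TCP packet", 1500)):
        wire = outer_size(size, AES_CBC_SHA1)
        print(f"{name}: {wire} bytes on the wire, fits 1500: {wire <= 1500}")
    print("clamp MSS to at most", clamp_mss(1500, AES_CBC_SHA1))
```

On a multi-WAN site, compute the value against the smallest MTU of any WAN the tunnel can ride over.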
