>
> Hello,
> This appears to be the same thing I have been having issues with and
> mentioned in a post to misc last week ("Untable ssl connections over ikev2
> VPN") - (yes, typo intact - it should be "unstable").
>
> I have tried adding a "max-mss 1300" directive into pf.conf (i.e.: "match in
> all scrub (no-df random-id max-mss 1300)").
>
> At first, I _thought_ this made a difference, but I am not sure if that is
> really true.
>
> I have also noticed that the TLS failures seem to vary based on OS. At this
> point, I was able to get an https connection to work with Firefox on MacOS,
> but the TLS handshake continues to hang (100% of the time) with Firefox on a
> Windows 7 PC. With an OpenBSD laptop, it seems like it sometimes works and
> sometimes doesn't (using "openssl s_client" to test).
>
> I also made no changes in pf.conf or iked.conf from the working to
> non-working period.
>
> I have no idea what to do; I am just posting my observations if that helps.
> Thanks
>
Hi,
Glad it's not just me!!! Even if you don't know the fix, at least I now know I
haven't gone completely crazy!
For me it's more consistent: on OSX it's a 100% hang, on Windows 10 it's a 100% hang.
Haven't tried an OpenBSD client yet; I've been too busy putting emergency
workarounds in place to bypass the site-to-site stuff. Will try an OpenBSD client
though when I get a chance.
Appreciate you taking the time to email ... keep in touch!