> On 2023-08-14, latin...@vcn.bc.ca <latin...@vcn.bc.ca> wrote: >> Something magic had happend after reboot! lkev2 is working > > iked/isakmpd keys are created at boot if they don't exist. > >> BTW at the >> client i can not use Web Browser?, the ssh connection did not stop >> working. > > <consults crystal ball>
Hello Stuart The situation is: that being connected with ikev2 to my server, ssh is not disconnected as with Wireguard, but it is supposed that all traffic should go by ikev2! I am looking on pf.conf, but i can not imagine how to send lo1/enc0 by ikev2. > > If you're able to fetch small pages over http (*not* https), such as > http://www.openbsd.org/grp-tmpl.txt, then you probably have an > MTU (packet size) problem, if so then you could try something > like this near the top of pf.conf to cap the size of TCP packets > as a workaround (make sure you don't use "set skip on enc0" for > this to be used) > > match on enc0 scrub (max-mss 1300 no-df) > > -- > Please keep replies on the mailing list. > No everything goes by normal ip. Not by ikev2. thanks.
