Hi all,
I'm getting to the point where I don't really know where to turn. I am
having a weird problem with an OpenBSD server/firewall that has a
permanent IPSec tunnel to a Checkpoint embedded security device. The
problem is that half the time large packets can't get through. I've
trial-and-errored (via Windows ping -l) that ping packets of 1306 bytes
get through all the time, while packets > 1306 (even 1307) only get
through half the time. Not half the time like 50% loss, but like it
works for hours, then doesn't for 10 minutes.
I only have control of one half of the connection (unfortunately), and
am kind of lost. I have a rudimentary understanding of IP, so I do
understand things like MTUs & fragmentation, and things like a VPN
adding packet overhead that reduces the effective MTU. I just don't
really know where to start tracking this down. I guess I don't
understand enough (anything?) about how this part of the tunnel works under
the covers.
Can anyone help maybe point me in a direction? My ruleset is default
deny with log, and nothing is being dropped. pfctl -x loud doesn't
reveal anything. I pass everything to/from the VPN. My network
configuration is unfortunately kind of complex. I have vlans and carps
on those vlans, so I'll refrain from trying to describe the setup unless
it's necessary.
Hopefully thanks in advance :)
Tim