Bug #10682
Closed
Routed IPSEC VTI - Packets with higher MTU (above Interface MTU) are DROPPED, fragmentation is done wrong on the destination LAN Interface
Description
Hi,
Packets with higher MTU (above the destination LAN's Interface MTU) are DROPPED after they are fragmented correctly and received through the IPSEC tunnel; it seems that fragmentation is done wrong on the destination LAN Interface. The packets get reassembled and sent out the destination LAN side interface with the total MTU size instead of keeping the fragmentation, ignoring the MTU of the interface. I switched to IPSEC Routed VTI because of the advantages of dynamic routing (FRR OSPF) that I have between sites. A lot of VoIP traffic is dropped because of the higher MTU that needs to be sent. I made a capture using ICMP with higher MTU (2000) and the DF bit NOT set.
My setup consists of two bare metal pfSense boxes running version 2.4.5 RELEASE 1; I enabled IPSEC Routed VTI site-to-site VPN between them.
Diagram:
PC1----------------LANWAN-----------WANLAN-----------------PC2
(192.168.2.100)---------------------IPSEC---------------------(192.168.1.100)
Updated by Jim Pingle about 5 years ago
- Status changed from New to Duplicate
- Assignee deleted (Andrei Boghiu)
- Priority changed from High to Normal
Most likely the same root cause as #7801
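
The standard IPv4 forwarding rule that the description expects on the LAN-side interface, as an added example (not part of the original ticket and not pfSense code): a packet larger than the egress MTU is re-fragmented when DF is clear, and dropped with an ICMP "fragmentation needed" when DF is set. The 1500-byte MTU, the reading of "2000" as the IP total length, and all function names are assumptions; the headers are constructed sample data.

```python
import struct

def build_ipv4_header(total_len, ident, df=False, mf=False, frag_off_units=0):
    """Constructed 20-byte IPv4 header (no options, checksum left at 0)."""
    flags_frag = (int(df) << 14) | (int(mf) << 13) | frag_off_units
    # PC1 -> PC2 addresses taken from the ticket's diagram; protocol 1 = ICMP.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, flags_frag,
                       64, 1, 0, bytes([192, 168, 2, 100]), bytes([192, 168, 1, 100]))

def parse_ipv4_header(hdr):
    """Extract the fields that matter for the fragmentation decision."""
    ver_ihl, _tos, total_len, ident, flags_frag = struct.unpack("!BBHHH", hdr[:8])
    return {"ihl": (ver_ihl & 0x0F) * 4, "total_len": total_len, "id": ident,
            "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
            "offset": (flags_frag & 0x1FFF) * 8}

def egress_plan(hdr, mtu):
    """Return (action, byte_offset, total_len, more_fragments) tuples that a
    forwarding hop is expected to emit on an interface with the given MTU."""
    p = parse_ipv4_header(hdr)
    if p["total_len"] <= mtu:
        return [("forward", p["offset"], p["total_len"], p["mf"])]
    if p["df"]:
        # DF set: the hop must not fragment; it drops and signals the sender.
        return [("drop+icmp-frag-needed", p["offset"], p["total_len"], p["mf"])]
    # Fragment payload sizes must be multiples of 8 bytes (except the last).
    step = (mtu - p["ihl"]) & ~7
    payload = p["total_len"] - p["ihl"]
    plan = []
    for start in range(0, payload, step):
        size = min(step, payload - start)
        last = start + size >= payload
        # MF stays set if the input was itself a non-final fragment.
        plan.append(("fragment", p["offset"] + start, p["ihl"] + size,
                     p["mf"] or not last))
    return plan

if __name__ == "__main__":
    LAN_MTU = 1500  # assumed; the ticket does not state the interface MTU
    reassembled = build_ipv4_header(2000, 0x1234)  # DF not set, as in the capture
    for step in egress_plan(reassembled, LAN_MTU):
        print(step)
```

Comparing a LAN-side capture against this plan shows whether the box re-fragmented the reassembled packet or tried to transmit it at full size.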