Project

General

Profile

Actions

Bug #7779

open

Traffic crossing a site-to-site OpenVPN tunnel fails to fragment.

Added by Steve Wheeler about 4 years ago. Updated 5 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
08/16/2017
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
All
Affected Architecture:

Description

In some circumstances traffic crossing an OpenVPN site-to-site tunnel with packets larger that the local network MTU can fail to fragment correctly leaving the local interface.

Traffic is fragmented correctly crossing the tunnel in either direction so if you hit this issue you will be able to, for example, ping with large packets a remote pfSense LAN interface IP but not anything else on that LAN subnet.

A work-around for this issue is to assign and enable the OpenVPN interface at the failing end. After that pf will add rules to that traffic and fragment packets correctly.

Actions

Also available in: Atom PDF