Hi guys.
I successfully set up an L2L IPsec VPN between OpenWrt 15.5.1 and a Cisco router 891f.
Phase 1 and 2 negotiated successfully. The tunnel is up, but whenever I try to send a big packet to the OpenWrt router within the tunnel, the VPN session freezes:
+++++++++
[sam@st2 ~]$ ssh sam@192.168.173.1
sam@192.168.173.1's password:
BusyBox v1.23.2 (2016-01-02 18:01:44 CET) built-in shell (ash)
-----------------------------------------------------
CHAOS CALMER (15.05.1, r48532)
-----------------------------------------------------
sam@a81m2:~$ ifconfig
br-lan Link encap:Ethernet HWaddr E8:DE:27:FF:9F:43
inet addr:192.168.173.1 Bcast:192.168.173.15 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1833 errors:0 dropped:0 overruns:0 frame:0
TX packets:1441 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:233808 (228.3 KiB) TX bytes:515241 (503.1 KiB)
eth0 Link encap:Ethernet HWaddr E8:DE:27:FF:9F:43
<<<<<<<<< freeze here >>>>>>>>>> till I kill ssh process
+++++++++
Meanwhile, I have no issues accessing the OpenWrt box via the outside interface's public IP.
So I assume this is the tunnel MTU. As far as I know, if IPsec is not using a tunnel interface, it inherits the MTU settings from the public interface.
I set the MTU to 1300 (it was previously 1500 by default) on the OpenWrt box's public subinterface:
++++++++++++++++
root@a81m2:/home/sam# ifconfig eth0.2 mtu 1300 up
root@a81m2:/home/sam#
root@a81m2:/home/sam# ifconfig eth0.2
eth0.2 Link encap:Ethernet HWaddr E8:DE:27:FF:9F:43
inet addr:192.206.xxx.yyy Bcast:192.206.xxx.yyy Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1300 Metric:1
RX packets:3125040955 errors:0 dropped:1941194 overruns:0 frame:0
TX packets:4449468 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:53453837212 (149.7 GiB) TX bytes:597384687 (869.7 MiB)
root@a81m2:/home/sam#
++++++++++++++++
But I am still experiencing freezes while sending big packets.
Is it possible I am hitting a fragmentation issue now? What do you think?
Thank you guys.