[strongSwan] Server Not Decrypting on a Cellular Connection
Jody Whitesides
2018-07-17 18:30:31 UTC
I’m having an issue where strongSwan is unable to decrypt websites or serve email to a cell phone that is connected to the VPN of said server via a cellular connection. However, when the phone is connected to the VPN via WiFi, the VPN is able to serve the websites and email just fine. Is there a reason as to why a Cellular connection to the server/VPN would result in the connection not decrypting its own websites and email to the device?

BTW - all other traffic thru the VPN works just fine on a cellular connection.

Thank you for any insight,

Jody
Tobias Brunner
2018-07-18 14:34:48 UTC
Hi Jody,

> I’m having an issue where strongSwan is unable to decrypt websites or serve email to a cell phone that is connected to the VPN of said server via a cellular connection. However, when the phone is connected to the VPN via WiFi, the VPN is able to serve the websites and email just fine. Is there a reason as to why a Cellular connection to the server/VPN would result in the connection not decrypting its own websites and email to the device?
>
> BTW - all other traffic thru the VPN works just fine on a cellular connection.

Could be due to a lower MTU over cellular connections vs. WiFi. That
might cause all kinds of problems with PMTUD, IP fragments etc. A
possible workaround for this is using MSS clamping, have a look at [1]
for some pointers.

Regards,
Tobias

[1] https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling#MTUMSS-issues
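
The MTU arithmetic behind the MSS clamping suggestion above, as an added example that is not part of the original thread. It assumes IPv4, ESP tunnel mode with UDP encapsulation (NAT-T), two common cipher suites, and constructed path MTUs of 1500 (WiFi) and 1400 (cellular).

```python
# Added example: IPv4 only; cipher suites and path MTUs are assumptions, not from the thread.
IPV4_HDR, TCP_HDR = 20, 20
UDP_ENCAP = 8     # NAT-T header (UDP/4500)
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad length + next header

# (IV length, padding alignment, ICV length) in bytes
AES_CBC_SHA256 = (16, 16, 16)   # AES-CBC with HMAC-SHA2-256-128
AES_GCM_16 = (8, 4, 16)         # AES-GCM with a 16-byte ICV


def _fixed_overhead(suite, nat_t):
    iv, _, icv = suite
    return IPV4_HDR + (UDP_ENCAP if nat_t else 0) + ESP_HDR + iv + icv


def esp_packet_len(inner_len, suite, nat_t=True):
    """Outer packet size after ESP tunnel-mode encapsulation of an inner IPv4 packet."""
    body = inner_len + ESP_TRAILER
    body += -body % suite[1]                 # pad up to the alignment boundary
    return _fixed_overhead(suite, nat_t) + body


def max_inner_packet(path_mtu, suite, nat_t=True):
    """Largest inner packet whose ESP packet still fits in path_mtu unfragmented."""
    room = path_mtu - _fixed_overhead(suite, nat_t)
    return room - room % suite[1] - ESP_TRAILER


def clamped_mss(path_mtu, suite, nat_t=True):
    """TCP MSS to clamp to so that full-size segments fit through the tunnel."""
    return max_inner_packet(path_mtu, suite, nat_t) - IPV4_HDR - TCP_HDR


if __name__ == "__main__":
    for mtu in (1500, 1400):                 # constructed WiFi / cellular path MTUs
        for name, suite in (("aes-cbc/sha256", AES_CBC_SHA256), ("aes-gcm16", AES_GCM_16)):
            full = esp_packet_len(1500, suite)   # full-size segment from a host using MSS 1460
            print(f"path MTU {mtu}, {name}: unclamped segment becomes {full} bytes, "
                  f"clamp MSS to {clamped_mss(mtu, suite)}")
```

Large responses such as web pages and mail downloads fill whole segments, so they are the first traffic to break when the encapsulated size exceeds the path MTU and PMTUD does not work.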