Topic: TCP Segment Lost
« on: September 19, 2008, 08:41:01 »
r_chetanjain *
Posts: 2

Hi,

I have configured my VPN in the manner mentioned below...

Site A :
Network : 10.115.0.0/16, Network Gateway : 10.115.1.1 ( Core Switch )
Mono LAN : 10.115.10.10/16
vpn LocalNet/Remote Net : LocalNet/10.57.1.0/24

There is a route on the core switch for network 10.57.1.0/24 gw 10.115.10.10

Site B :
Network : 10.57.1.0/24
Mono LAN : 10.57.1.1/24 ( this is the gateway for the LAN )
vpn LocalNet/Remote Net : LocalNet / 10.115.0.0/16

Now the issue is, I cannot access any resource on the Site A network fully... I mean, HTTP/SSH/Telnet connections break....

- HTTP: after the user/pass I cannot see the website..
- SSH: when I log in to any Linux box, the connection hangs after 10 secs..
- Telnet: same as SSH..

When i do a packet capture of the connections, I see there is a RED Line indicating "TCP Previous Segment Lost" ... But my Ping is continuously on with no issues...

Just to rule out any routing issues, I added a direct route on the web/SSH server and got the same results...

Has anyone had any of these issues? I have attached a packet capture from my machine...

Chetan Jain

* ssh.txt (44.63 KB - downloaded 253 times.)
« Reply #1 on: September 20, 2008, 23:38:30 »
cmb *****
Posts: 851

This is MTU related; m0n0 will create a PMTUD black hole in some circumstances with IPsec. If you're using 1.2x, I suggest trying 1.3 as it may be better about that.
« Reply #2 on: October 08, 2008, 15:23:44 »
Fabbe *
Posts: 6

I made a post about this because I am having the same problem. The tunnel is up but is very slow. I did change the MTU on a host behind Monowall to 1400 and after that it works like a charm.
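
Why full-size TCP segments stall while ping and an MTU of 1400 keep working, as an added example that is not part of the original thread: it computes ESP tunnel-mode packet sizes following the RFC 4303 layout. The cipher suites, the 1500-byte link MTU, the NAT-T option and all function names are assumptions; the thread does not state which IPsec settings were in use.

```python
# Added example: ESP tunnel-mode size arithmetic (RFC 4303 packet layout).
# Cipher parameters are assumptions; the thread does not state them.

OUTER_IPV4 = 20   # outer IPv4 header without options
ESP_HEADER = 8    # SPI (4) + sequence number (4)
ESP_TRAILER = 2   # pad length (1) + next header (1), encrypted with the payload
NAT_T_UDP = 8     # UDP encapsulation header when NAT traversal is in use

# suite name: (IV bytes, cipher block bytes, ICV bytes)
SUITES = {
    "3des-cbc/hmac-sha1-96": (8, 8, 12),
    "aes-cbc/hmac-sha1-96": (16, 16, 12),
}

def esp_packet_size(inner_len, suite, nat_t=False):
    """On-the-wire size of the ESP packet carrying an inner IP packet."""
    iv, block, icv = SUITES[suite]
    plaintext = inner_len + ESP_TRAILER
    padded = -(-plaintext // block) * block  # round up to the cipher block
    size = OUTER_IPV4 + ESP_HEADER + iv + padded + icv
    return size + (NAT_T_UDP if nat_t else 0)

def max_inner_packet(link_mtu, suite, nat_t=False):
    """Largest inner IP packet whose ESP packet still fits the link MTU."""
    inner = link_mtu
    while inner > 0 and esp_packet_size(inner, suite, nat_t) > link_mtu:
        inner -= 1
    return inner

def tcp_mss_for(inner_mtu):
    """MSS for IPv4/TCP without options: 20 bytes IP + 20 bytes TCP."""
    return inner_mtu - 40

def report(link_mtu=1500):
    """One row per suite and NAT-T setting: (suite, nat_t, inner MTU, MSS)."""
    rows = []
    for suite in SUITES:
        for nat_t in (False, True):
            inner = max_inner_packet(link_mtu, suite, nat_t)
            rows.append((suite, nat_t, inner, tcp_mss_for(inner)))
    return rows

if __name__ == "__main__":
    for suite, nat_t, inner, mss in report():
        print(f"{suite:24} nat_t={nat_t!s:5} inner MTU={inner} MSS={mss}")
```

Under these assumptions a 1500-byte inner packet always exceeds the link MTU once encapsulated, a default-size ping never does, and a host MTU of 1400 fits in every case listed.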
 