Ipsec

This post has a very good explanation of the problems I’ve been suffering with my IPsec tunnels recently:

MTU woes in IPsec tunnels and how you can fix it

Two things have fixed my stalled transmissions over IPsec tunnels:

1. Clamping the MSS of the IPsec connections to 1280
2. Setting the sysctl net.ipv4.tcp_mtu_probing=1

As seen in this post, the values of net.ipv4.tcp_mtu_probing are:

This is an update of my previous post about configuring IPsec in OpenWrt.

The network scenario I’m describing is a central OpenWrt router with 2 internal LANs, plus 2 external hosts connected with VPN and some roadwarriors with all their traffic redirected through the IPsec tunnel.

NOTE: Please, check this updated post about this topic.

I have configured a IPsec server in my OpenWrt router to use it from my Android device when I am connected to an untrusted network. Previously I’ve used OpenVPN, but it drains too much battery, so I want to test if this solution, which is integrated in Android, works better.

I have taken the configuration from the OpenWrt Wiki.