Ipsec on Apuntes de root

IPsec and PMTU problems

jorti@pm.me (Juan Orti Alcaine) — Wed, 19 Nov 2014 00:00:00 +0000

This post has a very good explanation of the problems I’ve been suffering with my IPsec tunnels recently:

MTU woes in IPsec tunnels and how you can fix it

Two things have fixed my stalled transmissions over IPsec tunnels:

Clamping the MSS of the IPsec connections to 1280
Setting the sysctl net.ipv4.tcp_mtu_probing=1

As seen in this post, the values of net.ipv4.tcp_mtu_probing are:

IPsec server in OpenWrt (II)

jorti@pm.me (Juan Orti Alcaine) — Fri, 07 Mar 2014 00:00:00 +0000

This is an update of my previous post about configuring IPsec in OpenWrt.

The network scenario I’m describing is a central OpenWrt router with 2 internal LANs, plus 2 external hosts connected with VPN and some roadwarriors with all their traffic redirected through the IPsec tunnel.

IPsec server in OpenWrt

jorti@pm.me (Juan Orti Alcaine) — Wed, 01 May 2013 00:00:00 +0000

NOTE: Please, check this updated post about this topic.

I have configured a IPsec server in my OpenWrt router to use it from my Android device when I am connected to an untrusted network. Previously I’ve used OpenVPN, but it drains too much battery, so I want to test if this solution, which is integrated in Android, works better.

I have taken the configuration from the OpenWrt Wiki.