Issue #3144

IKEv2 connected but no internet on some internets/modems

Added by Farhad Sakhaei 12 days ago. Updated 11 days ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: configuration
Affected version: 5.8.0
Resolution:

Description

I set up strongSwan and IKEv2 for remote access on CentOS 7, and it is working great, but on some internets (not all, mostly ADSL modems or 4G modems) it connects but there is no internet access on the VPN connection.

I am using eap-mschapv2, and I also used forwarding rules for iptables.

I put the SIM card of the 4G modem in my phone and I could connect using my mobile phone, but it seems there is a problem with some such modems. I had the same problem with other ADSL modems.

config setup
    uniqueids = never
conn %default
    compress = yes
    left = %any
    leftsubnet = 0.0.0.0/0
    leftfirewall = yes
    right = %any
    rightsourceip = 10.1.0.0/16
    rightid = %any
    leftdns = 8.8.8.8,8.8.4.4
    rightdns = 8.8.8.8,8.8.4.4
conn IKEv2-EAP
    esp = aes256-sha256,aes256-sha1,3des-sha1!
    ike = aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha1-modp2048,3des-sha1-modp2048,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
    leftauth = pubkey
    leftca = "C=US, O=StrongSwan VPN, CN=StrongSwan VPN CA" 
    leftcert = server.cert.pem
    leftsigkey = server.pub.pem
    leftid = myserver.com
    rightauth = eap-mschapv2
    rightsendcert = never
    eap_identity = %any
    fragmentation = yes
    rekey = no
    auto = add

I can donate for any support too.
I appreciate any help.

History

#1 Updated by Tobias Brunner 12 days ago

  • Status changed from New to Feedback
  • Priority changed from High to Normal

> but on some internets (not all, most ADSL modems or 4G modems) it connects but there is no internet access on the VPN connection

May be related to MTU/MSS or blocking of (UDP-encapsulated) ESP packets by the ISP.

> I put the sim card of the 4g modem in my phone and I could connect using my mobile phone

Still using 4G? Same provider/ISP?

#2 Updated by Farhad Sakhaei 11 days ago

Tobias Brunner wrote:

> May be related to MTU/MSS or blocking of (UDP-encapsulated) ESP packets by the ISP.

> Still using 4G? Same provider/ISP?

Yes, same connection but different modem (4G modem and my phone).
I contacted my modem's support (TP-LINK) and they mentioned "fast nat". I am following up on this for now,
and I will update this ticket.
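
The MTU/MSS remark in comment #1, worked through as an added example (not part of the ticket and not strongSwan's own code): it computes the largest inner packet that fits in one UDP-encapsulated ESP tunnel-mode packet for each ESP proposal in the posted config, and prints matching TCPMSS clamp rules without applying them. The path MTU values are constructed samples; IPv4 outer headers without options and no IPComp are assumed.

```shell
#!/bin/sh
# Added example: largest inner (tunnelled) IPv4 packet that fits into one
# UDP-encapsulated ESP tunnel-mode packet, and the TCP MSS that follows.
# Assumptions: IPv4 outer header without options, no IPComp.

# esp_inner_mtu PATH_MTU IV_LEN BLOCK_LEN ICV_LEN
esp_inner_mtu() {
    # outer IPv4 (20) + UDP encapsulation (8) + ESP SPI/sequence number (8)
    avail=$(( $1 - 20 - 8 - 8 - $2 - $4 ))
    # the ciphertext is a whole number of cipher blocks
    cipher=$(( avail / $3 * $3 ))
    # the ESP trailer (pad length + next header) takes 2 bytes of it
    echo $(( cipher - 2 ))
}

# tcp_mss INNER_MTU: subtract the inner IPv4 (20) and TCP (20) headers
tcp_mss() {
    echo $(( $1 - 40 ))
}

# report PATH_MTU: one line per ESP proposal from the posted config
report() {
    # fields are name:iv:block:icv (AES-CBC 16/16, 3DES-CBC 8/8,
    # HMAC-SHA-256-128 = 16, HMAC-SHA1-96 = 12)
    for p in aes256-sha256:16:16:16 aes256-sha1:16:16:12 3des-sha1:8:8:12; do
        name=${p%%:*}; rest=${p#*:}
        iv=${rest%%:*}; rest=${rest#*:}
        block=${rest%%:*}; icv=${rest#*:}
        inner=$(esp_inner_mtu "$1" "$iv" "$block" "$icv")
        echo "path_mtu=$1 esp=$name inner_mtu=$inner mss=$(tcp_mss "$inner")"
    done
}

# Constructed sample path MTUs: Ethernet, PPPoE (common on ADSL), a lower mobile path
for mtu in 1500 1492 1400; do
    report "$mtu"
done

# Clamp rules for the lowest sample path MTU with aes256-sha256; printed only, not applied
mss=$(tcp_mss "$(esp_inner_mtu 1400 16 16 16)")
for dir in in out; do
    echo "iptables -t mangle -A FORWARD -m policy --pol ipsec --dir $dir -p tcp" \
         "--tcp-flags SYN,RST SYN -j TCPMSS --set-mss $mss"
done
```

If large transfers stall while small packets such as pings pass, comparing the real path MTU of the affected modem against these numbers helps separate an MTU problem from the ISP dropping UDP-encapsulated ESP altogether.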
