OpenWrt IKEv2 NAT traversal (or similar) problem
peter at chocky.org
Wed May 31 12:12:10 PDT 2023
On 5/31/23 10:20, Peter Naulls wrote:
> On 5/30/23 21:09, Yousong Zhou wrote:
>> On Wed, 31 May 2023 at 06:38, Peter Naulls <peter at chocky.org> wrote:
Thanks for your patience, more:

I ran the connection instead over a wired WAN connection instead of the cell
WWAN link, and the problem is the same. This points the finger rather squarely
at packet processing/forwarding or similar on OpenWrt.

I did find some reference to some similarish problems - in almost all the
searches I've done, the VPN is initiated on the Linux router, however - but
there's some suggestion that MTU/MSS is implicated - I've rather severely
limited MTU on all the interfaces in OpenWrt as well as the physical and
VPN interfaces in Windows to no avail.

The fetch can be done in Windows to http://www.yahoo.com (instead of https),
which of course normally results in an HTTP redirect - this makes the
transaction a bit smaller, since no attempt at TLS. In this case, curl
does send the HTTP headers, but there's no response, and the issue
with the "missing" packet that I described earlier is still ultimately seen
on the VPN interface.

I realize that since it's UDP, that duplicated and missing packets are
entirely possible, but could it be that this happens in a 100% repeatable
fashion in some cases? That would be strange, certainly.