IPSEC Site to Site tunnel issue after upgrading to 9.5

We have a central office with multiple satellite branches, each with a site to site IPSEC tunnel back to the central office. The one branch we were testing with 9.5 is having trouble with the IPSEC tunnel.

It feels like an MTU issue, but even after clamping MSS to 1000 (well below the actual MTU limit of 1492), the problem still persists, and I can confirm that no large packets are being sent.

I can ping with all sorts of packet sizes without issue, and PMTU seems to work like it should, but if I try and scp or smbclient any files from the branch UTM to a server at the central office the communications just hang, so the nightly log upload is not working.

I haven't tested anything behind the branch router so I don't know if it's only the branch router itself having problems.

Has anyone seen anything like this with 9.5?

Thanks

James



  • After gathering some more information it turns out that the issue is nothing to do with the update.

    "Bind Tunnel to Local Interface" was ticked for that VPN tunnel. After unticking, all traffic flows normally and everything works.

    Thanks

    James

  • When you select 'Bind Tunnel to Local Interface', you must create your own routes, James.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA