I''ve been exercising the IPsec some more today and I changed from just
accessing zones around the firewall to using the tunnel as default route
for some of the road warriors
Subsequently, road warriors observed MTU problems, e.g. accessing both
google.com and yahoo.com fails
I tried putting mss=1400 in /etc/shorewall/zones (the value suggested in
the documentation) but this didn''t resolve it for me - then I tried
lower values, it seems to work for me with mss=1350. Maybe you can add
a little more detail to the IPsec page:
http://www.shorewall.net/IPSEC-2.6.html
The easiest thing for users would be to start with a smaller and really
conservative value (e.g. 1024) so that it "just works" for people
following the guide, even if it is not the most efficient.
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev