dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
16
share rss forum feed


meowBB

join:2002-01-21
Hayward, CA

1 recommendation

reply to Brano

Re: Can't access USG web via VPN

said by Brano:

Anybody accessing USG via IPSec site-to-site that can confirm the access works or not? ...that would really help me before I reset the machine to defaults.

I simply can't access the USG WEB GUI (FW 3.0) from IPSec site-to-site VPN. Tried two tunnels. The web page starts loading then freezes indefinitely. SSH and other services work OK.

What are the types of your connection? Any encapsulation, eg PPoE on one side?
I got the exact same issue. The issue is resolved by changing the MSS and checked the 'Ignore "Don't Fragment" setting in IP header"' on the "VPN Connection" page.


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
Thanks, I'll play with that.
My connection is PPPoE on my side. I've tested with multiple ends on PPPoE and plain Ethernet.


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
Reviews:
·TekSavvy DSL
·Bell Fibe
reply to meowBB
said by meowBB:

The issue is resolved by changing the MSS and checked the 'Ignore "Don't Fragment" setting in IP header"' on the "VPN Connection" page.

I 'hate' you! ... you know how much time I spent debugging and sniffing the traffic and didn't catch this?!#!

The "Ignore "Don't Fragment" setting in packet header" did the trick! Didn't even have to tinker with MSS.

THANK YOU, SIR!!!

Now the question, is this FW 3.0 bug or not? It was working on 2.2 without this having checked. Or was 2.2 buggy?


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
Haha, chicken or egg luv it.


meowBB

join:2002-01-21
Hayward, CA
reply to Brano
I don't know if this issue starts on v3 or not since I upgraded my other end to usg20 which I flashed it to v3 right after I opened the box. I almost lost my faith in Zyxel before I found the solution.