From: "Massimo S." <ecs-isp@2rosenthals.com>
Received: from [192.168.100.201] (HELO mail.2rosenthals.com)
  by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10)
  with ESMTPS id 1624142 for ecs-isp@2rosenthals.com; Wed, 13 Jan 2021 13:03:41 -0500
Received: from [192.168.200.201] (port=58572 helo=mail2.2rosenthals.com)
	by mail.2rosenthals.com with esmtp (Exim 4.82_1-5b7a7c0-XX)
	(envelope-from <ml@ecomstation.it>)
	id 1kzkUU-0008VR-2g
	for ecs-isp@2rosenthals.com; Wed, 13 Jan 2021 13:03:30 -0500
Received: from mail2.quasarbbs.net ([80.86.52.115]:10158)
	by mail2.2rosenthals.com with esmtp (Exim 4.82_1-5b7a7c0-XX)
	(envelope-from <ml@ecomstation.it>)
	id 1kzkPa-0006wj-2n
	for ecs-isp@2rosenthals.com; Wed, 13 Jan 2021 12:58:27 -0500
Received: from [192.168.10.199] (dtp [192.168.10.199]) by srv2 (Weasel v2.74)
  for <ecs-isp@2rosenthals.com>; 13 Jan 2021 18:52:29 
X-CTCH-RefID: str=0001.0A742F25.5FFF35F2.0087,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
X-CTCH-RefID: str=0001.0A742F23.5FFF34C3.0014,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
Reply-To: ml@ecomstation.it
Subject: issue with Injoy FW (4.2.2) and a VPN tunnel
Organization: eComStation dot it
Message-ID: <befe1f74-acae-019f-c824-4490eaa264e6@ecomstation.it>
Date: Wed, 13 Jan 2021 18:52:25 +0100
User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; it-IT; rv:1.7.13) Gecko/20060424
 Thunderbird/1.0.8 Mnenhy/0.7.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15; format=flowed
Content-Language: it-IT
Content-Transfer-Encoding: 7bit

Hi all,

i've an issue with an Injoy FW VPN tunnel:


SITE A
SITE B
SITE C

SITE A communicate correctly with SITE C and of course SITE C to SITE A

SITE B communicate correctly with SITE A and of course SITE A to SITE B

SITE B and SITE C have issues i can ping everything in the 2 lans
from lan of SITE B to lan of SITE C and viceversa

but all protocols have issues
it seems that only very small packets do work between SITE B and SITE C
(and viceversa)

e.g. if a copy from a folder a very small file (e.g. 1KiloByte file) from
SITE C to SITE B it works
if i copy a bigger file it does not work and it seems to wait forever

in the past SITE B to SITE C and vice versa communications worked correctly

both SITE B and SITE C (like also SITE A) use MD5 as auth header
and 3DES as encrpytion, ip compression DEFLATE
preshared secret and client-Xauth

i've of course tried to disable compression, but nothing changes/no improvement

i'm running out of idea
it seems like an MTU issue
the 2 FW machines runs eCS2.2b and have MTU 1500 on the WAN and lan NIC
and that's the right MTU as also suggested by the ISP


any help?

thanks

massimo