What can cause an iOS device to be able to connect to IKEv2/IPsec VPN over LTE but not browse most websites?

Question

Everything works fine over Wi-Fi.

I tried disabling IPv6 using a provisioning profile.

I tried on two different devices (iPhone 6 and current iPhone SE) using the same VPN provisioning profile (each device on its own LTE carrier).

sunknudsen · Accepted Answer · 2020-07-17 01:05:15Z

1

Figured it out! It was a MTU issue.

The following iptables rules saved the day!

-A FORWARD -p tcp -m policy --dir in --pol ipsec -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1280
-A FORWARD -p tcp -m policy --dir out --pol ipsec -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1280

answered Jul 17, 2020 at 1:05

sunknudsen

7415 gold badges18 silver badges30 bronze badges

Add a comment |

Stack Exchange Network

What can cause an iOS device to be able to connect to IKEv2/IPsec VPN over LTE but not browse most websites?

1 Answer 1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged
vpn
ipsec
strongswan
ikev2
.

Hot Network Questions

What can cause an iOS device to be able to connect to IKEv2/IPsec VPN over LTE but not browse most websites?

1 Answer 1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged vpnipsecstrongswanikev2.

Related

Hot Network Questions

Not the answer you're looking for? Browse other questions tagged
vpn
ipsec
strongswan
ikev2
.