So I have a really weird issue I’m pulling my hair out about. I have a MacBook with GlobalProtect VPN on it, and behind my pfSense box (which is the router for my whole apartment) it can connect to the endpoint; however, while connected to the VPN it cannot complete an SSH connection or an SSL handshake (maybe other things, but the resources behind the VPN I’m trying to access only offer these).
If I take an Ethernet dongle and connect my MacBook directly to the internet (bypassing pfSense et al.) it all works. If I use my pocket WiFi it all works. I’m not sure what’s going on.
The SSH one is particularly weird because it can do some of the initial handshake like get the host key, but hangs when it’s time to show me the password prompt/complete the client key handshake.
Any insight would be appreciated, thank you.
Edit: Setting the MTU on the tun interface for GP to 1300 has fixed the problem.
It’s a full tunnel (as much as I’d like it to be split, I have no control over this one). My local is a 192.168 and the remotes are 10.0 so they’re different.
I’ve seen some weird things happen when IP fragmentation occurs (e.g. MTU is too big). Maybe you can try to decrease the MTU on the GP interface to something like 1300 and see if the issue still occurs.
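Rather than guessing a value like 1300, you can measure the largest packet that actually passes the tunnel unfragmented. The script below is an added example, not something posted in this thread: it binary-searches the path MTU by sending single Don't-Fragment pings of increasing payload size, using `ping -D` on macOS and `ping -M do` on Linux. The 28-byte overhead (20-byte IPv4 header plus 8-byte ICMP header) and the `10.0.0.1` placeholder target are assumptions; substitute a host that is reachable through the VPN and answers ICMP echo.

```python
"""Measure the usable path MTU with Don't-Fragment pings (added example).

Assumes `ping` is on PATH and the target host answers ICMP echo requests.
The 28-byte overhead is for IPv4 + ICMP; adjust for IPv6 (40 + 8).
"""
import platform
import subprocess
from typing import Callable

IPV4_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def make_df_ping_probe(host: str, timeout_s: int = 2) -> Callable[[int], bool]:
    """Return probe(payload_bytes) -> True if one DF-flagged echo gets a reply."""
    system = platform.system()
    if system == "Darwin":
        # macOS ping: -D sets the DF bit, -W is the reply wait in milliseconds
        df_flags = ["-D"]
        wait_flags = ["-W", str(timeout_s * 1000)]
    elif system == "Linux":
        # iputils ping: -M do forbids fragmentation, -W is in seconds
        df_flags = ["-M", "do"]
        wait_flags = ["-W", str(timeout_s)]
    else:
        raise RuntimeError(f"unsupported platform for DF ping: {system}")

    def probe(payload: int) -> bool:
        cmd = ["ping", "-c", "1", *wait_flags, *df_flags, "-s", str(payload), host]
        try:
            result = subprocess.run(cmd, capture_output=True, timeout=timeout_s + 3)
        except (subprocess.TimeoutExpired, FileNotFoundError):
            return False
        # Exit status 0 means an echo reply came back for an unfragmented packet;
        # a "message too long"/no-reply result gives non-zero.
        return result.returncode == 0

    return probe


def find_path_mtu(probe: Callable[[int], bool], lo: int = 548, hi: int = 1500,
                  overhead: int = IPV4_ICMP_OVERHEAD) -> int:
    """Binary-search the largest unfragmented packet between link MTUs lo and hi.

    Returns the path MTU (payload + overhead), or 0 if even `lo` does not pass.
    """
    lo_payload, hi_payload = lo - overhead, hi - overhead
    if not probe(lo_payload):
        return 0
    if probe(hi_payload):
        return hi
    # Invariant: probe(lo_payload) succeeded, probe(hi_payload) failed.
    while hi_payload - lo_payload > 1:
        mid = (lo_payload + hi_payload) // 2
        if probe(mid):
            lo_payload = mid
        else:
            hi_payload = mid
    return lo_payload + overhead


if __name__ == "__main__":
    import sys
    # Placeholder: replace with a host that sits behind the VPN.
    target = sys.argv[1] if len(sys.argv) > 1 else "10.0.0.1"
    print(f"largest unfragmented MTU towards {target}: "
          f"{find_path_mtu(make_df_ping_probe(target))}")
```

Run it while the tunnel is up against a host on the far side; the number it reports is the value to set on the tun interface. A failed probe can also mean the path filters ICMP rather than that the packet was too big, so a result of 0 means "could not measure", not "MTU below 548".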
Setting the MTU to 1300 (from 1400 on the tun) worked. That’s so weird and such a dumb simple ‘fix’ for something I’ve been pulling my hair out about for a few days.