IPSec VPN behind NAT - Weird behavior

Recently tried setting up a site-to-site VPN for on-prem equipment behind NAT. The VPN comes up but only certain traffic works over the VPN. There are no errors in the VPN logs and no errors on the tunnel interface; certain traffic just doesn't go through.

I'm able to SSH over the tunnel and I can perform DNS lookups, but HTTPS/web traffic is broken and doesn't go through. I've checked using nmap and it shows the ports are open and listening on the Oracle side, but if I try loading a page in a browser the connection times out. The same setup on the same hardware works if my firewall is not behind NAT.

Sounds like an MTU issue. Small packets (like DNS) go through, large packets don't. What is your MTU set to?

Do you have the routing rules set on both sides and ports opened?

MTU is not manually set; I just left it at the default value. The tunnel MTU on my firewall is 1438. I'm not sure what the default MTU is on the Oracle Cloud side.

This definitely seems like it's the issue. The only part I'm not clear on is what needs to change to fix the PMTUD issue.

*Edit: Fixed it. The MTU on my firewall's WAN interface was too large. MTU was set to 1500 on WAN, but the ISP connection is PPPoE, so the MTU needed to be lower. Manually set the MTU on the WAN interface to 1492, and that seems to have done it.
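A way to measure what the WAN path actually accepts before changing MTU values, as an added example that is not part of the thread or any poster's configuration. It binary-searches the largest IPv4 packet that passes with the DF bit set (the symptom above: small DNS packets fit, large TLS packets do not), derives the PPPoE figure of 1492 from the 8-byte PPPoE header, and assumes Linux iputils `ping` (`-M do` sets DF); the `simulated_path` link is constructed so the search can run offline.

```python
import subprocess
import sys
from typing import Callable

# Constructed constants: a 1500-byte Ethernet MTU minus the 8-byte PPPoE
# header leaves 1492 bytes for the IP packet, matching the thread's fix.
ETHERNET_MTU = 1500
PPPOE_OVERHEAD = 8
ICMP_IP_HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def pppoe_mtu(link_mtu: int = ETHERNET_MTU) -> int:
    """IP-layer MTU available on a PPPoE link of the given Ethernet MTU."""
    return link_mtu - PPPOE_OVERHEAD


def ping_probe(host: str) -> Callable[[int], bool]:
    """Return a probe that sends one DF-flagged ping of the given IP size.
    Assumes Linux iputils ping: -M do forbids fragmentation on the path."""
    def probe(ip_size: int) -> bool:
        payload = ip_size - ICMP_IP_HEADERS
        cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]
        return subprocess.run(cmd, capture_output=True).returncode == 0
    return probe


def simulated_path(path_mtu: int) -> Callable[[int], bool]:
    """Constructed stand-in for a link: a DF packet passes only if it fits."""
    return lambda ip_size: ip_size <= path_mtu


def find_path_mtu(probe: Callable[[int], bool], low: int = 576,
                  high: int = ETHERNET_MTU) -> int:
    """Largest IP packet size in [low, high] that the probe reports as passing.
    Each probe halves the remaining interval, so ~10 pings cover 576..1500."""
    if not probe(low):
        raise RuntimeError(f"even {low}-byte packets are dropped; check reachability")
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid          # mid fits, so the answer is at least mid
        else:
            high = mid - 1     # mid was dropped, so the answer is below mid
    return low


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"  # placeholder peer
    measured = find_path_mtu(ping_probe(host))
    print(f"path MTU to {host}: {measured} (PPPoE expectation: {pppoe_mtu()})")
```

If the measured value is below the WAN interface MTU, the interface is sending packets the path cannot carry, which is exactly the mismatch the thread's edit resolved by lowering the WAN MTU to 1492.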