connecting an EE Signalbox via Hitron CGN4 on VMB?
On Virgin Media Business and trying to connect an EE Signalbox via the Hitron CGN4. The signalbox is basically a small 3G cell that connects to the core network via an IPSec tunnel and provides 3G coverage in difficult areas.
I am unable to make it work -- it simply flashes fast green which means it's trying to connect. I suspect that the IPSec tunnel is not being established.
Documentation says it uses IKEv2/IPSec on UDP ports 500/4500.
Re: connecting an EE Signalbox via Hitron CGN4 on VMB?
I'm gonna have to reply to my own post. But it may help others.
Preliminary investigation shows that the MTU on this connection is 1300. Now that in itself might be OK and any packets larger than this with the DF (don't fragment) bit set result in an ICMP "Fragmentation Needed but DF is set" error.
The real problem is that it appears the Hitron silently discards packets larger than 1300 bytes when the DF bit is not set. And it so happens that the IKEv2 IKE_AUTH response (over NAT traversal UDP/4500) is a large packet that never makes it back to the Signalbox.