Linux Routing and SSL

I have a Fedora Linux box which I am using for a captive portal.  Basically this is the setup,  I have 3 vlans whose gateways are assigned to eth0.91, eth0.93 and eth0.90.  The traffic is checked by iptables and if the MAC address of client is in iptables then the traffic if forwarded out.

All Windows OS machines can access all sites with no problems.

The problem:

Linux machines will have inconsistent problems with https sites. Some https sites won't load at all, others just authentication problems.  I used Wireshark at the point of authentication and the client machine will try to transmit the same packet 5-6 times, with no reply from the https site.  After these 5-6 tries, the https site will send a RST, ACK packet back to the Linux system. Then the page will time out.  But I can reload the https site again with no problems, but still cannot authenticate. HTTP, ping, tracert all work, all the time.  

What is the difference here between the Linux OS and Windows OS that would treat https packets differently?
LVL 6
Mick FinleyNetwork EngineerAsked:
Who is Participating?
 
pilson66Connect With a Mentor Commented:
try this:
iptables -t filter -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 900:1536 -j TCPMSS --clamp-mss-to-pmtu
0
 
Mick FinleyNetwork EngineerAuthor Commented:
Ok...You pointed me in the right direction.

Here is the fix:

change the MTU on the Linux client machine to anything below 1492 and it all functions as expected.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.