<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>check with: ip route list</div><div>when tunnel is up.</div><div>ping uses icmp, not the best for checking mtu <br><br>sent from a tiny device </div><div><br>On 2013-09-13, at 4:23, "Ozai" <<a href="mailto:ozai.tien@gmail.com">ozai.tien@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div>
<div><font color="#0000ff" face="Verdana">Hi Sirs,</font></div>
<div><font color="#0000ff" face="Verdana"></font> </div>
<div><font color="#0000ff" face="Verdana">Only add mtu= in the conn as below. It did
not seem to work.</font></div>
<div><font color="#0000ff" face="Verdana">I try to ping peer site ipsec router from
our lan site pc. (test environment as below) </font></div>
<div><font color="#0000ff" face="Verdana">ping -l 1200 195.168.11.X </font></div>
<div><font color="#0000ff" face="Verdana">And try to capture wan site packet to
check.</font></div>
<div><font color="#0000ff" face="Verdana">I found the packet size always keeps on
12XX. It did not seem to fragment the packet.</font></div>
<div><font color="#0000ff" face="Verdana"></font> </div>
<div><font color="#0000ff" face="Verdana">Do you have any suggestions on this
question? Thanks.</font></div>
<div><font color="#0000ff" face="Verdana">And Sorry for my poor
English.</font></div>
<div><font color="#0000ff" face="Verdana"></font> </div>
<div><font color="#0000ff" face="Verdana">config
setup<br>
nat_traversal=no<br>
oe=off<br>
protostack=netkey<br>
interfaces=%defaultroute</font></div>
<div><font color="#0000ff" face="Verdana"></font> </div>
<div><font color="#0000ff" face="Verdana">conn
test<br>
left=182.16.23.74<br>
leftsubnet=195.168.12.0/24<br>
rightsubnet=195.168.11.0/24<br>
connaddrfamily=ipv4<br>
right=182.16.23.108<br>
ike=3des-md5;modp1024<br>
ikelifetime=480m<br>
type=tunnel<br>
salifetime=60m<br>
phase2alg=3des-hmac_md5<br>
pfs=no<br>
phase2=esp<br>
mtu=1000<br>
keyexchange=ike<br>
authby=secret<br>
auto=add</font></div>
<div><font color="#0000ff" face="Verdana"></font> </div>
<div><font color="#0000ff" face="Verdana">peer ipsec------(wan site
182.16.23.X)--------openswan-------(lan site
195.168.12.X)--------pc</font></div>
<div><font color="#0000ff" face="Verdana"> </font></div>
<div><font color="#0000ff" face="Verdana">Best Regards,</font></div>
<div><font color="#0000ff" face="Verdana">Ozai</font></div>
<blockquote style="BORDER-LEFT: #0000ff 2px solid; PADDING-LEFT: 5px; PADDING-RIGHT: 0px; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px">
<div style="FONT: 10pt 新細明體">----- Original Message ----- </div>
<div style="FONT: 10pt 新細明體; BACKGROUND: #e4e4e4; font-color: black"><b>From:</b>
<a title="letoams@gmail.com" href="mailto:letoams@gmail.com">Leto</a> </div>
<div style="FONT: 10pt 新細明體"><b>To:</b> <a title="n1ck.h0w1tt@gmail.com" href="mailto:n1ck.h0w1tt@gmail.com">Nick Howitt</a> </div>
<div style="FONT: 10pt 新細明體"><b>Cc:</b> <a title="users@lists.openswan.org" href="mailto:users@lists.openswan.org">users@lists.openswan.org</a> </div>
<div style="FONT: 10pt 新細明體"><b>Sent:</b> Friday, September 13, 2013 12:20
AM</div>
<div style="FONT: 10pt 新細明體"><b>Subject:</b> Re: [Openswan Users] Set MTU on
netkey</div>
<div><font color="#0000ff" size="2" face="Verdana"></font><font color="#0000ff" size="2" face="Verdana"></font><br></div>
<div>no. overridemtu= is klips only and works on the ipsecX interface. mtu= is
passed via _updown to ip route - works on all stacks <br><br>sent from a
tiny device </div>
<div><font color="#0000ff" size="2" face="Verdana"></font><font color="#0000ff" size="2" face="Verdana"></font><br>On 2013-09-12, at 9:27, Nick Howitt <<a href="mailto:n1ck.h0w1tt@gmail.com">n1ck.h0w1tt@gmail.com</a>>
wrote:<br><br></div>
<blockquote type="cite">
<div>
<p>Isn't mtu on the conn in klips only? Not netkey.</p>
<p>On 2013-09-12 14:18, Leto wrote:</p>
<blockquote style="BORDER-LEFT: #1010ff 2px solid; PADDING-LEFT: 5px; MARGIN-LEFT: 5px" type="cite"><!-- html ignored --><!-- head ignored --><!-- meta ignored -->
<div>mtu= in the conn should do that<br><br>sent from a tiny
device </div>
<div><br>On 2013-09-12, at 3:00, "Ozai" <<a href="mailto:ozai.tien@gmail.com">ozai.tien@gmail.com</a>>
wrote:<br><br></div>
<blockquote style="BORDER-LEFT: #1010ff 2px solid; PADDING-LEFT: 5px; MARGIN-LEFT: 5px" type="cite">
<div><!-- meta ignored -->
<div>
<div><span style="FONT-FAMILY: Verdana; COLOR: #0000ff; FONT-SIZE: small">Dear
Sirs,</span></div>
<div><span style="FONT-FAMILY: Verdana; COLOR: #0000ff; FONT-SIZE: small"></span> </div>
<div><span style="FONT-FAMILY: Verdana; COLOR: #0000ff; FONT-SIZE: small">How do I
set the mtu for the IPSec tunnel? My test environment is
openswan 2.6.38 with embedded linux and protostack is
netkey. iptables?? Can someone point me in the right
direction? Thanks.</span></div>
<div><span style="FONT-FAMILY: Verdana; COLOR: #0000ff; FONT-SIZE: small"></span> </div>
<div><span style="FONT-FAMILY: Verdana; COLOR: #0000ff; FONT-SIZE: small">Best
Regards,</span></div>
<div><span style="FONT-FAMILY: Verdana; COLOR: #0000ff; FONT-SIZE: small">Ozai</span></div></div></div></blockquote>
<blockquote style="BORDER-LEFT: #1010ff 2px solid; PADDING-LEFT: 5px; MARGIN-LEFT: 5px" type="cite">
<div><span>_______________________________________________</span><br><span><a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a></span><br><span><a href="https://lists.openswan.org/mailman/listinfo/users">https://lists.openswan.org/mailman/listinfo/users</a></span><br><span>Micropayments:
<a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a></span><br><span>Building
and Integrating Virtual Private Networks with
Openswan:</span><br><span><a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a></span></div></blockquote>
</blockquote></div></blockquote>
</blockquote>
</div></blockquote></body></html>
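The check suggested at the top of this thread ("ip route list" when the tunnel is up), as an added example that is not part of the original messages: a shell helper that reads the route table and reports whether the route to rightsubnet carries the mtu= value from the conn. The two sample route tables are constructed (gateway 182.16.23.1, interfaces eth0 and br0, and LAN address 195.168.12.1 are assumptions); the helper accepts both the "mtu N" and "mtu lock N" forms that iproute2 prints.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that mtu= from the conn
# reached the kernel route, by inspecting `ip route list` output.

# Print the mtu attribute of the route to prefix $1 (route table on stdin).
# Prints nothing when the route is missing or carries no mtu attribute.
route_mtu() {
    awk -v dst="$1" '
        $1 == dst {
            for (i = 2; i < NF; i++)
                if ($i == "mtu") {
                    # iproute2 prints "mtu N" or "mtu lock N"
                    print (($(i + 1) == "lock") ? $(i + 2) : $(i + 1))
                    exit
                }
        }'
}

# Return 0 only if the route to $1 carries mtu $2 (route table on stdin).
check_route_mtu() {
    got=$(route_mtu "$1")
    if [ "$got" = "$2" ]; then
        echo "OK: route to $1 has mtu $got"
        return 0
    fi
    echo "MISMATCH: route to $1 has mtu '${got:-none}', expected $2"
    return 1
}

# Constructed sample: tunnel up and mtu=1000 applied to the remote subnet.
ROUTES_WITH_MTU='default via 182.16.23.1 dev eth0
182.16.23.0/24 dev eth0 proto kernel scope link src 182.16.23.74
195.168.11.0/24 dev eth0 scope link mtu 1000
195.168.12.0/24 dev br0 proto kernel scope link src 195.168.12.1'

# Constructed sample: tunnel up but no mtu attribute on the route.
ROUTES_NO_MTU='default via 182.16.23.1 dev eth0
182.16.23.0/24 dev eth0 proto kernel scope link src 182.16.23.74
195.168.11.0/24 dev eth0 scope link
195.168.12.0/24 dev br0 proto kernel scope link src 195.168.12.1'

printf '%s\n' "$ROUTES_WITH_MTU" | check_route_mtu 195.168.11.0/24 1000
printf '%s\n' "$ROUTES_NO_MTU" | check_route_mtu 195.168.11.0/24 1000 || true
# On the gateway itself: ip route list | check_route_mtu 195.168.11.0/24 1000
```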