<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.23520">
<STYLE></STYLE>
</HEAD>
<BODY dir=auto bgColor=#ffffff>
<DIV><FONT color=#0000ff face=Verdana>Hi Sirs,</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff face=Verdana>Only add mtu= in the conn as below.It did
not seem to work.</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana>I try to ping peer site ipsec router from
our lan site pc.(test environment as below) </FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana>ping -l 1200 195.168.11.X </FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana>And try to capture wan site packet to
check.</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana>I found the packet size always keep on
12XX.It did not seem to fragment the packet.</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff face=Verdana>Do you have any suggestions on this
question??Thank's.</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana>And Sorry for my poor
English.</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff face=Verdana>config
setup<BR>
nat_traversal=no<BR>
oe=off<BR>
protostack=netkey<BR>
interfaces=%defaultroute</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff face=Verdana>conn
test<BR>
left=182.16.23.74<BR>
leftsubnet=195.168.12.0/24<BR>
rightsubnet=195.168.11.0/24<BR>
connaddrfamily=ipv4<BR>
right=182.16.23.108<BR>
ike=3des-md5;modp1024<BR>
ikelifetime=480m<BR>
type=tunnel<BR>
salifetime=60m<BR>
phase2alg=3des-hmac_md5<BR>
pfs=no<BR>
phase2=esp<BR>
mtu=1000<BR>
keyexchange=ike<BR>
authby=secret<BR>
auto=add</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff face=Verdana>peer ipsec------(wan site
182.16.23.X)--------openswan-------(lan site
195.168.12.X)--------pc</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana> </FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana>Best Regards,</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana>Ozai</FONT></DIV>
<BLOCKQUOTE
style="BORDER-LEFT: #0000ff 2px solid; PADDING-LEFT: 5px; PADDING-RIGHT: 0px; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt 新細明體">----- Original Message ----- </DIV>
<DIV
style="FONT: 10pt 新細明體; BACKGROUND: #e4e4e4; font-color: black"><B>From:</B>
<A title=letoams@gmail.com href="mailto:letoams@gmail.com">Leto</A> </DIV>
<DIV style="FONT: 10pt 新細明體"><B>To:</B> <A title=n1ck.h0w1tt@gmail.com
href="mailto:n1ck.h0w1tt@gmail.com">Nick Howitt</A> </DIV>
<DIV style="FONT: 10pt 新細明體"><B>Cc:</B> <A title=users@lists.openswan.org
href="mailto:users@lists.openswan.org">users@lists.openswan.org</A> </DIV>
<DIV style="FONT: 10pt 新細明體"><B>Sent:</B> Friday, September 13, 2013 12:20
AM</DIV>
<DIV style="FONT: 10pt 新細明體"><B>Subject:</B> Re: [Openswan Users] Set MTU on
netkey</DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT><FONT color=#0000ff size=2
face=Verdana></FONT><BR></DIV>
<DIV>no. overridemtu= is klips only and works on the ipsecX interface. mtu= is
passed via _updown to ip route - works on all stacks <BR><BR>sent from a
tiny device </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT><FONT color=#0000ff size=2
face=Verdana></FONT><BR>On 2013-09-12, at 9:27, Nick Howitt <<A
href="mailto:n1ck.h0w1tt@gmail.com">n1ck.h0w1tt@gmail.com</A>>
wrote:<BR><BR></DIV>
<BLOCKQUOTE type="cite">
<DIV>
<P>Isn't mtu on the conn in klips only? Not netkey.</P>
<P>On 2013-09-12 14:18, Leto wrote:</P>
<BLOCKQUOTE
style="BORDER-LEFT: #1010ff 2px solid; PADDING-LEFT: 5px; MARGIN-LEFT: 5px"
type="cite"><!-- html ignored --><!-- head ignored --><!-- meta ignored -->
<DIV>mtu= in the conn should do that<BR><BR>sent from a tiny
device </DIV>
<DIV><BR>On 2013-09-12, at 3:00, "Ozai" <<A
href="mailto:ozai.tien@gmail.com">ozai.tien@gmail.com</A>>
wrote:<BR><BR></DIV>
<BLOCKQUOTE
style="BORDER-LEFT: #1010ff 2px solid; PADDING-LEFT: 5px; MARGIN-LEFT: 5px"
type="cite">
<DIV><!-- meta ignored -->
<DIV>
<DIV><SPAN
style="FONT-FAMILY: Verdana; COLOR: #0000ff; FONT-SIZE: small">Dear
Sirs,</SPAN></DIV>
<DIV><SPAN
style="FONT-FAMILY: Verdana; COLOR: #0000ff; FONT-SIZE: small"></SPAN> </DIV>
<DIV><SPAN
style="FONT-FAMILY: Verdana; COLOR: #0000ff; FONT-SIZE: small">How do I
set the mtu for the IPSec tunnel?My test environment is
openswan 2.6.38 with embedded linux and protostack is
netkey.iptables??Can someone point me in the right
direction?Thank's.</SPAN></DIV>
<DIV><SPAN
style="FONT-FAMILY: Verdana; COLOR: #0000ff; FONT-SIZE: small"></SPAN> </DIV>
<DIV><SPAN
style="FONT-FAMILY: Verdana; COLOR: #0000ff; FONT-SIZE: small">Best
Regards,</SPAN></DIV>
<DIV><SPAN
style="FONT-FAMILY: Verdana; COLOR: #0000ff; FONT-SIZE: small">Ozai</SPAN></DIV></DIV></DIV></BLOCKQUOTE>
<BLOCKQUOTE
style="BORDER-LEFT: #1010ff 2px solid; PADDING-LEFT: 5px; MARGIN-LEFT: 5px"
type="cite">
<DIV><SPAN>_______________________________________________</SPAN><BR><SPAN><A
href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</A></SPAN><BR><SPAN><A
href="https://lists.openswan.org/mailman/listinfo/users">https://lists.openswan.org/mailman/listinfo/users</A></SPAN><BR><SPAN>Micropayments:
<A
href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</A></SPAN><BR><SPAN>Building
and Integrating Virtual Private Networks with
Openswan:</SPAN><BR><SPAN><A
href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</A></SPAN></DIV></BLOCKQUOTE><!-- html ignored --><BR><PRE>_______________________________________________
<A href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</A>
<A href="https://lists.openswan.org/mailman/listinfo/users">https://lists.openswan.org/mailman/listinfo/users</A>
Micropayments: <A href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</A>
Building and Integrating Virtual Private Networks with Openswan:
<A href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</A>
</PRE></BLOCKQUOTE></DIV></BLOCKQUOTE>
<BLOCKQUOTE type="cite">
<DIV><SPAN>_______________________________________________</SPAN><BR><SPAN><A
href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</A></SPAN><BR><SPAN><A
href="https://lists.openswan.org/mailman/listinfo/users">https://lists.openswan.org/mailman/listinfo/users</A></SPAN><BR><SPAN>Micropayments:
<A
href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</A></SPAN><BR><SPAN>Building
and Integrating Virtual Private Networks with Openswan:</SPAN><BR><SPAN><A
href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</A></SPAN><BR></DIV></BLOCKQUOTE>
<P>
<HR>
<P></P>_______________________________________________<BR>Users@lists.openswan.org<BR>https://lists.openswan.org/mailman/listinfo/users<BR>Micropayments:
https://flattr.com/thing/38387/IPsec-for-Linux-made-easy<BR>Building and
Integrating Virtual Private Networks with
Openswan:<BR>http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155<BR></BLOCKQUOTE></BODY></HTML>