[Openswan dev] Openswan 2.3.1/2.4.0rc1 instability with L2TP
Norbert Wegener
nw at sbs.de
Sun Aug 21 20:43:21 CEST 2005
Norbert Wegener wrote:
> Alan DeKok wrote:
>
>> Norbert Wegener <nw at sbs.de> wrote:
>>
>>
>>> I can confirm this behaviour for 2.4.0rc1 with KLIPS and the actual
>>> version of freeradius.
>>>
>>
>> ...
>>
>> FreeRADIUS uses the Framed-MTU attribute to calculate how much data
>> to send to the client. Unfortunately, the calculation is probably a
>> little wrong.
>>
>> In the short term set the "fragment_size" in eap.conf to a smaller
>> value, and it should work.
>>
>> I think a patch for 1.0.5 would be good.
>>
>> Alan DeKok.
>>
>>
> Maybe this solves one part of the problem, but that alone does not help.
> I have tried different fragment_sizes. The results differs, but in no
> case I do get the l2tp/ppp session authenticated.
> I put the logs at http://www.wegener-net.de/freeradius, where you can
> see the differences. The filename ends with the involved fragment size.
> Which more information should I provide?
>
>
> Norbert Wegener
Further analysis showed, that when using a netkey kernel instead of
KLIPS and openswan-2.4.0rc1 , everything worked as expected. So the
problem seems to be only partially causes by the fragment_size
miscalculation. The main reason seems to be related to KLIPS.
Norbert Wegener
>
>
>> - List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/devel.html
>>
>>
>
> _______________________________________________
> Dev mailing list
> Dev at openswan.org
> http://lists.openswan.org/mailman/listinfo/dev
More information about the Dev
mailing list