[Openswan dev] Openswan 2.3.1/2.4.0rc1 instability with L2TP
Michael Richardson
mcr at xelerance.com
Mon Aug 22 18:44:53 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Norbert" == Norbert Wegener <nw at sbs.de> writes:
Norbert> Further analysis showed, that when using a netkey kernel
Norbert> instead of KLIPS and openswan-2.4.0rc1 , everything worked
Norbert> as expected. So the problem seems to be only partially
Norbert> causes by the fragment_size miscalculation. The main reason
Norbert> seems to be related to KLIPS. Norbert Wegener
tcpdump -i ipsec0 -w /tmp/ipsec0.pcap -s 1600
tcpdump -i eth1 -w /tmp/eth0.pcap -s 1600
on the server end of things. (assuming eth1 is your external
interface)
I have been told that there are issues with fragmentation of
transport-mode packets. Don't ask me what I think of L2TP.
- --
] Michael Richardson Xelerance Corporation, Ottawa, ON | firewalls [
] mcr @ xelerance.com Now doing IPsec training, see |net architect[
] http://www.sandelman.ca/mcr/ www.xelerance.com/training/ |device driver[
] I'm a dad: http://www.sandelman.ca/lrmr/ [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQwpHUoqHRg3pndX9AQGyTAP/QIeUM/TwRAAfYS0D2vCe+UJTF9ONCwN3
qv+oB+siqS0VAbC4eiJ9WQ5JmtYlREifCUsDcieKfHW82IHHVuf0lCFly8s4QBAV
3TwJLebgex+pahFeqVHu/IbJJSn6Fr9tRxybG2UO5wbZkzw5+OxjOm/uIxRPhML9
QAyO4WTKCK4=
=t8OK
-----END PGP SIGNATURE-----
More information about the Dev
mailing list