[Openswan dev] Openswan 2.3.1/2.4.0rc1 instability with L2TP

Michael Richardson mcr at xelerance.com
Mon Aug 22 18:44:53 CEST 2005


-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Norbert" == Norbert Wegener <nw at sbs.de> writes:
    Norbert> Further analysis showed, that when using a netkey kernel
    Norbert> instead of KLIPS and openswan-2.4.0rc1 , everything worked
    Norbert> as expected.  So the problem seems to be only partially
    Norbert> causes by the fragment_size miscalculation. The main reason
    Norbert> seems to be related to KLIPS.  Norbert Wegener

  tcpdump -i ipsec0 -w /tmp/ipsec0.pcap -s 1600 
  tcpdump -i eth1 -w /tmp/eth0.pcap -s 1600

  on the server end of things. (assuming eth1 is your external
interface)

  I have been told that there are issues with fragmentation of
transport-mode packets.  Don't ask me what I think of L2TP.

- -- 
] Michael Richardson          Xelerance Corporation, Ottawa, ON |  firewalls  [
] mcr @ xelerance.com           Now doing IPsec training, see   |net architect[
] http://www.sandelman.ca/mcr/    www.xelerance.com/training/   |device driver[
]                    I'm a dad: http://www.sandelman.ca/lrmr/                 [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQwpHUoqHRg3pndX9AQGyTAP/QIeUM/TwRAAfYS0D2vCe+UJTF9ONCwN3
qv+oB+siqS0VAbC4eiJ9WQ5JmtYlREifCUsDcieKfHW82IHHVuf0lCFly8s4QBAV
3TwJLebgex+pahFeqVHu/IbJJSn6Fr9tRxybG2UO5wbZkzw5+OxjOm/uIxRPhML9
QAyO4WTKCK4=
=t8OK
-----END PGP SIGNATURE-----


More information about the Dev mailing list