[Openswan dev] Openswan 2.3.1/2.4.0rc1 instability with L2TP

Norbert Wegener nw at sbs.de
Tue Aug 23 12:59:07 CEST 2005

Michael Richardson wrote:

>    Norbert> Further analysis showed, that when using a netkey kernel
>    Norbert> instead of KLIPS and openswan-2.4.0rc1, everything worked
>    Norbert> as expected.  So the problem seems to be only partially
>    Norbert> caused by the fragment_size miscalculation. The main reason
>    Norbert> seems to be related to KLIPS.  Norbert Wegener
>  tcpdump -i ipsec0 -w /tmp/ipsec0.pcap -s 1600 
>  tcpdump -i eth1 -w /tmp/eth0.pcap -s 1600
>  on the server end of things. (assuming eth1 is your external
>  I have been told that there are issues with fragmentation of
>transport-mode packets. 
I do not have any problems with l2tp and fragmentation using the NETKEY 
kernels and userland 2.4.0rc1.

> Don't ask me what I think of L2TP.

You find the tcpdumps at:
tcpdump captured 100 packets on ipsec0 in contrast to 163 packets on eth1.

Additionally there is the messagefile with plutodebug=all and klipsdebug=all


>- -- 
>] Michael Richardson          Xelerance Corporation, Ottawa, ON |  firewalls  [
>] mcr @ xelerance.com           Now doing IPsec training, see   |net architect[
>] http://www.sandelman.ca/mcr/    www.xelerance.com/training/   |device driver[
>]                    I'm a dad: http://www.sandelman.ca/lrmr/                 [
