[Openswan dev] [Openswan Users] Fragmentation/reassembly bad behaviour (fwd)

Henrik Nordstrom hno at marasystems.com
Tue Jan 11 18:05:51 CET 2005


On Tue, 11 Jan 2005, Marcus Better wrote:

> I and others have had a similar problem with fragmentation. It might be the
> same bug. It has also been reported here:
>
> http://www.uwsg.iu.edu/hypermail/linux/net/0401.3/0057.html
> http://www.uwsg.iu.edu/hypermail/linux/net/0402.2/0000.html
>
> The temporary fix is to use Netfilter to force the MSS to something smaller:
> $IPTABLES -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1404

This approach works around PMTU Discovery malfunctions in the network by 
forcing TCP to only send small segments.

It is a somewhat ugly thing to do, and only works for TCP traffic (not 
UDP), but sometimes workarounds are the best one can do..

Regards
Henrik
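
Added example, not part of the original message and not netfilter's code: a simplified Python model of what the quoted TCPMSS rule does to a forwarded packet, showing why only TCP SYN segments are affected and UDP is not. The sample SYN, its placeholder checksum, the helper names and the lower-only behaviour are assumptions of this sketch.

```python
import struct

MSS_LIMIT = 1404   # value from the quoted rule
TCP, UDP = 6, 17   # IP protocol numbers

def clamp_mss(seg: bytes, limit: int = MSS_LIMIT) -> bytes:
    """Lower the MSS option of a TCP SYN to `limit`; return other segments unchanged."""
    if len(seg) < 20:
        return seg
    hdr_len = (seg[12] >> 4) * 4
    # --tcp-flags SYN,RST SYN: SYN (0x02) set and RST (0x04) clear
    if (seg[13] & 0x06) != 0x02 or not 20 <= hdr_len <= len(seg):
        return seg
    out, i = bytearray(seg), 20
    while i + 1 < hdr_len:
        kind = out[i]
        if kind == 0:            # End of option list
            break
        if kind == 1:            # NOP, single byte
            i += 1
            continue
        length = out[i + 1]
        if length < 2 or i + length > hdr_len:
            break                # malformed option, leave segment alone
        if kind == 2 and length == 4:
            old = struct.unpack_from("!H", out, i + 2)[0]
            if old > limit:      # assumption: only ever lower the value
                struct.pack_into("!H", out, i + 2, limit)
                _fix_checksum(out, old, limit, odd=(i % 2 == 1))
            break
        i += length
    return bytes(out)

def _fix_checksum(out: bytearray, old: int, new: int, odd: bool) -> None:
    """RFC 1624 incremental update: HC' = ~(~HC + ~m + m')."""
    if odd:  # value straddles two 16-bit words: the sum sees it byte-swapped
        old, new = (((v << 8) | (v >> 8)) & 0xFFFF for v in (old, new))
    s = (~struct.unpack_from("!H", out, 16)[0] & 0xFFFF) + (~old & 0xFFFF) + new
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    struct.pack_into("!H", out, 16, ~s & 0xFFFF)

def forward(proto: int, l4: bytes) -> bytes:
    """-p tcp: non-TCP traffic such as UDP never reaches the TCPMSS target."""
    return clamp_mss(l4) if proto == TCP else l4

# Constructed SYN: ports 40000 -> 443, MSS option 1460, placeholder checksum 0x1234
SYN = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 6 << 4, 0x02, 65535, 0x1234, 0) \
      + bytes([2, 4, 0x05, 0xB4])
```

Because the peer learns the smaller MSS during the handshake, it never sends segments that need fragmenting on the path; a UDP sender gets no such hint.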

