[Openswan Users] Hung sessions in 2.1.[45] under 2.6.7

Paul Wouters paul at xelerance.com
Thu Aug 26 12:32:00 CEST 2004


On Wed, 25 Aug 2004, Shane Hickey wrote:

> However, after I migrated to 2.6.7 I ran into problems.  First, I emerged ipsec-tools so that I could get setkey.  After I got setkey (and rebuilt my kernel for ESP support) I was able to bring my VPN up.
>
> I am able to ping across my VPN (even with 5k packets) without any problems.  However, I can't browse webpages on remote servers, it transfers a tiny bit of the page (maybe the page title) and then it hangs.  Also, I can ssh across the VPN, but if I do 'cat', 'vi' or even 'ls' (basically anything that would have transmitted text back to me) it will also hang.  It sorta sounded like a MTU thing, but then I wouldn't expect the large pings to work.
>
> I also tried to add compress=no to my ipsec.conf and that didn't seem to help.  Has anyone seen behavior like this?  I apologize if it's already been answered.  I really did try and find the solution on my own.

Intersting.  Trey loweing your mtu on the laptop to say 1200 and see
what happens. (Don't use overridemtu=, that only applies to ipsecX, KLIPS)

Let me know if this helps. It is interesting, because it means that in
the same network, KLIPS works with your network, but the 2.6 native code
has mtu issues. Though we would only know for sure once KLIPS on 2.6 is
an option, for a real compare. This will hopefully be within a few weeks.

Also, a lot of ipsec fixes went into 2.6.8.1, you might want to upgrade
to that kernel instead.

Paul


More information about the Users mailing list