[Openswan Users] Hung sessions in 2.1.[45] under 2.6.7

Paul Wouters paul at xelerance.com
Thu Aug 26 19:54:32 CEST 2004

On Thu, 26 Aug 2004, Shane Hickey wrote:

> The laptop is actually the firewall.  I tried lowering that MTU on all of it's interfaces to 1200 and that didn't help.  However, when I change my MTU on my workstation (behind the firewall) that fixes it right up.  Even an MTU of 1400 works like a charm.  It's weird because large pings were going through fine.

Just for my understanding, what was running on the workstation (OS and ipsec?)
and what was running on the laptop?

> Wow... only a few weeks, eh?  I thought it was much further out than that.

See openswan-dev, it's been hacked togehter by Nate already. Now Michael gets
to properly fix the things Nate found.

> I'm going to do this now.  I'll report my success/failure to the list.


I think the problem here might actually be the path-mtu discovery failing in
the 2.6 kernel with native ipsec. So lowering the mtu on that end doesn't
help, since the other end is still talking to a broken path-mtu discovery
machine. But once you lower the mtu on the remote end, path-mtu failure
doesn't matter, since the mtu is small enough to begin with.


More information about the Users mailing list