[Openswan Users] Hung sessions in 2.1.[45] under 2.6.7
Paul Wouters
paul at xelerance.com
Thu Aug 26 19:54:32 CEST 2004
On Thu, 26 Aug 2004, Shane Hickey wrote:
> The laptop is actually the firewall. I tried lowering that MTU on all of it's interfaces to 1200 and that didn't help. However, when I change my MTU on my workstation (behind the firewall) that fixes it right up. Even an MTU of 1400 works like a charm. It's weird because large pings were going through fine.
Just for my understanding, what was running on the workstation (OS and ipsec?)
and what was running on the laptop?
> Wow... only a few weeks, eh? I thought it was much further out than that.
See openswan-dev, it's been hacked togehter by Nate already. Now Michael gets
to properly fix the things Nate found.
> I'm going to do this now. I'll report my success/failure to the list.
Thanks!
I think the problem here might actually be the path-mtu discovery failing in
the 2.6 kernel with native ipsec. So lowering the mtu on that end doesn't
help, since the other end is still talking to a broken path-mtu discovery
machine. But once you lower the mtu on the remote end, path-mtu failure
doesn't matter, since the mtu is small enough to begin with.
Paul
More information about the Users
mailing list