[Openswan Users] Hung sessions in 2.1.[45] under 2.6.7

Shane Hickey shane at howsyournetwork.com
Thu Aug 26 14:40:38 CEST 2004

Shane Hickey <shane at howsyournetwork.com> [2004-08-26 11:09]:
> Paul Wouters <paul at xelerance.com> [2004-08-26 18:54]:
> > I think the problem here might actually be the path-mtu discovery
> > failing in the 2.6 kernel with native ipsec. So lowering the mtu on
> > that end doesn't help, since the other end is still talking to a
> > broken path-mtu discovery machine. But once you lower the mtu on the
> > remote end, path-mtu failure doesn't matter, since the mtu is small
> > enough to begin with.
> That makes perfect sense.  I just finished compiling 2.6.8 on the
> firewall, I'll reboot and reply.

Well, I tried gentoo-dev-sources-2.6.8-r3 and it didn't help with the MTU problem.  It also didn't have /proc/net/ipsec_version.  I think I'll just wait for 2.6 KLIPS support in openswan and just do the MTU trick for now.  Thanks for all the help!

Shane Hickey <shane at howsyournetwork.com>: Network/System Consultant
Key fingerprint: 254F B2AC 9939 C715 278C  DA95 4109 9F69 777C BF3F
Listening to: The Cure - before three

More information about the Users mailing list