[Openswan Users] Hung sessions in 2.1. under 2.6.7
shane at howsyournetwork.com
Thu Aug 26 14:40:38 CEST 2004
Shane Hickey <shane at howsyournetwork.com> [2004-08-26 11:09]:
> Paul Wouters <paul at xelerance.com> [2004-08-26 18:54]:
> > I think the problem here might actually be the path-mtu discovery
> > failing in the 2.6 kernel with native ipsec. So lowering the mtu on
> > that end doesn't help, since the other end is still talking to a
> > broken path-mtu discovery machine. But once you lower the mtu on the
> > remote end, path-mtu failure doesn't matter, since the mtu is small
> > enough to begin with.
> That makes perfect sense. I just finished compiling 2.6.8 on the
> firewall, I'll reboot and reply.
Well, I tried gentoo-dev-sources-2.6.8-r3 and it didn't help with the MTU problem. It also didn't have /proc/net/ipsec_version. I think I'll just wait for 2.6 KLIPS support in openswan and just do the MTU trick for now. Thanks for all the help!
Shane Hickey <shane at howsyournetwork.com>: Network/System Consultant
GPG KeyID: 777CBF3F
Key fingerprint: 254F B2AC 9939 C715 278C DA95 4109 9F69 777C BF3F
Listening to: The Cure - before three
More information about the Users