[Openswan Users] KLIPS not responding to 348+ byte ESP-in-UDP packets?
Toby Corkindale
openswan at wintrmute.net
Sat Aug 28 23:14:57 CEST 2004
On Fri, Aug 27, 2004 at 11:31:38PM +0200, Paul Wouters wrote:
> On Fri, 27 Aug 2004, Toby Corkindale wrote:
>
> >For this example, I have a 2.6.8.1 machine with native IPSEC, sitting
> >behind a NAT firewall. It is connecting to a 2.4.27 machine running KLIPS.
> >Both machines are using Openswan 2.1.5.
>
> >I now try pinging the host via the tunnel. Pings (up to -s 287) work fine,
> >but after that, it fails to respond.
>
> Can you try and add compression=no to both ends. I have a strong suspicion
> compression+nat-t is broken on 2.4 with klips currently. Perhaps also on 2.6
> with klips (Nate?)
Setting compress=no on both machines solved the problem!
Looks like that's the problem, then..
cheers,
Toby
--
Turning and turning in the widening gyre/The falcon cannot hear the falconer;
Things fall apart, the centre cannot hold/Mere anarchy is loosed upon the world
(gpg --keyserver www.co.uk.pgp.net --recv-key 897E5FF3)