[Openswan Users] packet bigger then 280 want go threw
Paul Wouters
paul at xelerance.com
Mon Dec 20 22:29:59 CET 2004
On Sun, 19 Dec 2004, jorge wrote:
> Hi i have a problem with openswan 2.3 running with kernel 2.6.9. Ipsec starts
> without problems, i can also ping some hosts from second segment of a tunnel.
> The problem is that if i try to ping with packet bigger then 280 bytes, the
> packet will not go threw. What is interesting , that tcpdump shows me only
> the packets smaller then 280 bytes, bigger want show..
> Maybe is something with mtu.
Did you load the xfrm4_tunnel mode?
You can try and disable compression otherwise.
NETKEY has no support for path MTU discovery. You can try TCP clamping.
Paul
--
Math is case-sensitive
--- Ian Goldberg
More information about the Users
mailing list