[Openswan Users] packet bigger then 280 want go threw

Paul Wouters paul at xelerance.com
Mon Dec 20 22:29:59 CET 2004

On Sun, 19 Dec 2004, jorge wrote:

> Hi i have a problem with openswan 2.3 running with kernel 2.6.9. Ipsec starts 
> without problems, i can also ping some hosts from second segment of a tunnel. 
> The problem is that if i try to ping with packet bigger then 280 bytes, the 
> packet will not go threw. What is interesting , that tcpdump shows me only 
> the packets smaller then 280 bytes, bigger want show..
> Maybe is something with mtu.

Did you load the xfrm4_tunnel mode?
You can try and disable compression otherwise.

NETKEY has no support for path MTU discovery. You can try TCP clamping.

    Math is case-sensitive
                             --- Ian Goldberg

More information about the Users mailing list