[Openswan Users] ipsec0: MTU of 16260

Graham Leggett minfrin at sharp.fm
Thu Jul 1 19:17:31 CEST 2004

Paul Wouters wrote:

>>Can anyone explain why my MTU on ipsec0 is so big?
>>VPN is via openswan v2.1.4 on both ends.
> That is normal. If you want to try and play with mtu, play with the mtu
> on the physical device, not the ipsecX one.

Ah, but I don't want to play around with the MTU.

For reasons not known, the MTU as created by openswan on the ipsec 
device is set to a number which doesn't work for some reason - I'm 
trying to figure out why. The default of 16260 causes downloads to fail 
(they hang forever). Changing the default to a number less than the 
underlying interface MTU makes the VPN work.

Could it be the underlying network causing problems with large VPN 
packets? If the 16260 byte long packet was fragmented (as it would be, 
the underlying interface has an MTU of 1466) would the fragmentation be 
handled by the underlying network or would the VPN drivers handle the 


More information about the Users mailing list