[Openswan Users] ipsec0: MTU of 16260
Graham Leggett
minfrin at sharp.fm
Thu Jul 1 19:17:31 CEST 2004
Paul Wouters wrote:
>>Can anyone explain why my MTU on ipsec0 is so big?
>>
>>VPN is via openswan v2.1.4 on both ends.
>
>
> That is normal. If you want to try and play with mtu, play with the mtu
> on the physical device, not the ipsecX one.
Ah, but I don't want to play around with the MTU.
For reasons not known, the MTU as created by openswan on the ipsec
device is set to a number which doesn't work for some reason - I'm
trying to figure out why. The default of 16260 causes downloads to fail
(they hang forever). Changing the default to a number less than the
underlying interface MTU makes the VPN work.
Could it be the underlying network causing problems with large VPN
packets? If the 16260 byte long packet was fragmented (as it would be,
the underlying interface has an MTU of 1466) would the fragmentation be
handled by the underlying network or would the VPN drivers handle the
fragmentation?
Regards,
Graham
--
More information about the Users
mailing list