[Openswan Users] ipsec0: MTU of 16260
Graham Leggett
minfrin at sharp.fm
Thu Jul 1 21:17:57 CEST 2004
Paul Wouters wrote:
> You are fixing it at the wrong spot. So for the last time, change the mtu
> on the ethX device, not the ipsecX device.
And for the last time, I'm not trying to fix it - I am trying to work
out exactly what's wrong so that I can go to the ISP with hard facts and
tell _them_ to fix it. It is after all their network that's probably
broken, not mine, until I broke my network as well by changing the MTU
to work around the problem.

Changing the MTU just happens to work around the problem for now, but I
200% agree with you: changing the MTU is the _wrong_ way of fixing this
problem. I need however to know details of exactly why the thing is
breaking in the first place so that I can have an intelligent discussion
with an ISP who usually has no idea what their customers are talking about.

I am looking for the answer to this question: If VPN packets with MTU
sizes larger than the underlying network are dropped, and if lowering
the size of the VPN packets to a size less than the physical MTU of the
underlying network causes it to work again, what is the most likely
reason for this? Broken IP fragmentation within the network between me
and the ISP? Something else?

Regards,
Graham
--