[Openswan Users] ipsec0: MTU of 16260
Paul Wouters
paul at xelerance.com
Fri Jul 2 01:33:46 CEST 2004
On Thu, 1 Jul 2004, Graham Leggett wrote:
> Changing the MTU just happens to work around the problem for now, but I
> 200% agree with you: changing the MTU is the _wrong_ way of fixing this
> problem.
Changing the mtu is the best *you* can do without needing you isp. But I
am trying to tell you that *if* you need to change mtu's, they should be
changed on the physical device, and not on the virtual device.
> I am looking for the answer to this question: If VPN packets with MTU
> sizes larger than the underlying network are dropped, and if lowering
> the size of the VPN packets to a size less than the physical MTU of the
> underlying network causes it to work again, what is the most likely
> reason for this? Broken IP fragmentation within the network between me
> and the ISP? Something else?
The moment you mention "VPN" they will say "unsupported, buy business
subscription". Don't mention VPN, jsut say "I need to lower my mtu to <
1500, is that normal?".
What you are describing is NOT an ipsec problem and has NOTHING to do with
the 'large mtu on the ipsec device'.
Paul
--
<Reverend> IRC is just multiplayer notepad.
More information about the Users
mailing list