[Openswan Users] ipsec0: MTU of 16260

jerry jz at silpion.de
Thu Jul 1 23:36:38 CEST 2004


>I am looking for the answer to this question: If VPN packets with MTU sizes larger than the underlying network are dropped, and if lowering the size of the VPN packets to a size less than the physical MTU of the underlying network causes it to work again, what is the most likely reason for this? Broken IP fragmentation within the network between me and the ISP? Something else?
>
>Regards,
>Graham
>--

hi,
By lowering the size of the ESP payload, you also change the size of the whole ESP packets.
This is the same as when you change the MTU of your ethX interface (I think).

When you really have problems with path MTU discovery, you can discover this by doing
the ping from host to host (both insecure and IPsec) using ping with "-M do -s size".
When the problem exists, there is a range of packet sizes where there will be no response
from your peer (fragmentation needed) and packets will not pass. Try different sizes around 1420.

bye
jerry
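
The sweep described in the reply above, as an added example that is not part of the original message: it steps through payload sizes with the DF bit set and reports the range that gets neither a reply nor a "fragmentation needed" error. It assumes Linux iputils `ping`; the function names, the script name and the default range of 1380 to 1460 are choices made for this example.

```shell
#!/bin/sh
# Added example: DF-bit ping sweep to find sizes that vanish silently.
# Assumes Linux iputils ping (-M do sets DF, -s is the ICMP payload size).
# IPv4 packet size on the wire = payload + 28 (20 IP + 8 ICMP header).

# probe PEER SIZE -> prints ok | frag-needed | silent
probe() {
    if out=$(ping -c 1 -W 2 -M do -s "$2" "$1" 2>&1); then
        echo ok
        return 0
    fi
    case $out in
        # A router or the local stack reported the limit: PMTU discovery works.
        *"Frag needed"*|*[Mm]"essage too long"*) echo frag-needed ;;
        # No reply and no ICMP error: the packet or the error was dropped.
        *) echo silent ;;
    esac
}

# silent_range PEER LO HI STEP -> prints "FIRST-LAST" of silent sizes, or "none".
# Per-size results go to stderr. A small size must answer "ok" first,
# otherwise "silent" only means the peer is unreachable.
silent_range() {
    first='' last=''
    size=$2
    while [ "$size" -le "$3" ]; do
        res=$(probe "$1" "$size")
        printf '%s payload / %s on wire: %s\n' "$size" "$((size + 28))" "$res" >&2
        if [ "$res" = silent ]; then
            [ -n "$first" ] || first=$size
            last=$size
        fi
        size=$((size + $4))
    done
    if [ -n "$first" ]; then echo "$first-$last"; else echo none; fi
}

# Runs only when a peer is given: sh pmtu_sweep.sh PEER [LO HI STEP]
# (pmtu_sweep.sh is a hypothetical file name for this example.)
if [ $# -ge 1 ]; then
    silent_range "$1" "${2:-1380}" "${3:-1460}" "${4:-4}"
fi
```

Run it once against the peer's address outside the tunnel and once against an address reached through IPsec, then compare the two ranges.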

