[Openswan Users] overridemtu on U2.1.4/K2.6.7 (native) not
working?
Ken Bantoft
ken at xelerance.com
Tue Jul 13 15:59:38 CEST 2004
overridemtu= is a KLIPS (ipsec0) only device setting - it doesn't apply to
the 26sec stack. I'm not sure how to deal with the issue on 2.6 Kernels -
perhaps Herbert can shed some light.
On Tue, 13 Jul 2004, jerry wrote:
> dear list,
> I encountered strange behavior while testing my new setup.
> When tcp-packets going encrypted reached some size, say 1369 bytes or more,
> they are eaten by my ISP and do never arrive at my roadwarrior.
> Because smaller packets works great I suspected fragmentation
> issue and I tried to lower the mtu value by explicitly setting overridemtu.
> But this doesn't help in any way. So I tcpdumped and discovered
> that nothing has changed in the size of outgoing esp-packets ->still at 1480 in size.
> I reduced the mtu of the ETH1 (inet-side) and restarted openswan.
> Thats it! The mtu/mss of ESP's was shorter and I can surf and ssh and all other things!
> ;-)
>
> the bad news is that by changing the mtu of the eth-interface all traffic
> is slow down :-(
>
--
Ken Bantoft VP Business Development
ken at xelerance.com Xelerance Corporation
sip://toronto.xelerance.com http://www.xelerance.com
More information about the Users
mailing list