[Openswan Users] overridemtu on U2.1.4/K2.6.7 (native) not
working?
Alexander Samad
alex at samad.com.au
Wed Jul 14 08:46:50 CEST 2004
On Tue, Jul 13, 2004 at 02:59:38PM +0200, Ken Bantoft wrote:
>
>
> overridemtu= is a KLIPS (ipsec0) only device setting - it doesn't apply to
> the 26sec stack. I'm not sure how to deal with the issue on 2.6 Kernels -
> perhaps Herbert can shed some light.
Why not -j TCPMSS --set-mss for those connections ! I have mine
attached to the updown script for the ipsec connection
>
>
> On Tue, 13 Jul 2004, jerry wrote:
>
> > dear list,
> > I encountered strange behavior while testing my new setup.
> > When tcp-packets going encrypted reached some size, say 1369 bytes or more,
> > they are eaten by my ISP and do never arrive at my roadwarrior.
> > Because smaller packets works great I suspected fragmentation
> > issue and I tried to lower the mtu value by explicitly setting overridemtu.
> > But this doesn't help in any way. So I tcpdumped and discovered
> > that nothing has changed in the size of outgoing esp-packets ->still at 1480 in size.
> > I reduced the mtu of the ETH1 (inet-side) and restarted openswan.
> > Thats it! The mtu/mss of ESP's was shorter and I can surf and ssh and all other things!
> > ;-)
> >
> > the bad news is that by changing the mtu of the eth-interface all traffic
> > is slow down :-(
> >
>
>
> --
> Ken Bantoft VP Business Development
> ken at xelerance.com Xelerance Corporation
> sip://toronto.xelerance.com http://www.xelerance.com
>
> _______________________________________________
> Users mailing list
> Users at lists.openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.openswan.org/pipermail/users/attachments/20040714/1c12db23/attachment.bin
More information about the Users
mailing list