[Openswan Users] overridemtu on U2.1.4/K2.6.7 (native) not working?

jerry jz at silpion.de
Wed Jul 14 20:56:32 CEST 2004


At 14.07.2004 01:19, you wrote:
>Under 26sec, there is currently no way to set the MTU inside the tunnel.
>You can only influence the inner MTU by changing the MTU of the remote
>IPsec gateway.
>
>Setting the MTU on the interface is one way of doing that.  Another way
>is to add a route:
>
>ip r r 1.2.3.4 via x.x.x.x dev eth1 mtu yyyy
>
>where 1.2.3.4 is the address of the remote gateway, x.x.x.x is your
>nexthop gateway and yyyy is the outer MTU you want to lower it to.
>
>Incidentally, this is exactly the sort of situation that my MSS-clamp
>based proposal is meant to address.

That is a very nice solution to that MTU problem!

I prepared a bash script that does this MTU path discovery.
I also changed _updown.ip2 like below (the offsets may be wrong!).
After this I achieved a per-peer MTU at a low cost in time (a few seconds to discover the MTU).
THIS IS ONLY A WORKAROUND, NOT A SOLUTION
---------------------------------------------------------------
@@ -317,7 +334,13 @@
                it="ip route $1 0.0.0.0/1 $parms2 &&
                        ip route $1 128.0.0.0/1 $parms2"
                ;;
-       *)      it="ip route $1 $parms $parms2 $parms3"
+        *)
+               mtucmd="/usr/local/lib/ipsec/mtupathdiscover.sh $PLUTO_PEER $PLUTO_ME 1500 100"
+               mtu="`eval $mtucmd`"
+               echo $mtucmd
+               echo "MTU is $mtu"
+               it="ip route $1 $parms $parms2 $parms3 mtu $mtu"
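Review bot: In the new `*)` branch, `$mtu` goes straight into `it="ip route ... mtu $mtu"` with no check, so if mtupathdiscover.sh prints nothing or an error string the route command is malformed and the route is not installed. Test that `$mtu` is a plain number and otherwise fall back to the original `it="ip route $1 $parms $parms2 $parms3"`. The `eval $mtucmd` is not needed: call the script directly with `"$PLUTO_PEER"` and `"$PLUTO_ME"` quoted, so their values are never re-parsed by the shell. The two `echo` lines look like debug output and could be dropped or sent to the log.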
---------------------------------------------------------------

Here comes the bash script: /usr/local/lib/ipsec/mtupathdiscover.sh
args: $1=peer $2=left gateway ip $3=upper limit of mtu to test $4=lower limit
---------------------------------------------------------------
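#!/bin/bash
# 28 is the header length of ping (20 bytes IP header + 8 bytes ICMP header)
# prints out the discovered mtu
# (exits 0: an exit status is only 8 bits wide and cannot carry an MTU)

DEST=$1
SRC=$2
START=$(( $3 - 28 ))
END=$(( $4 - 28 ))
doit=1
up=$START
down=$END
ret=0
# binary search between $down and $up
next=$(( $up-(($up-$down)/2)  ))
prev=0
while [ $doit -eq 1 ]
do

        #echo "up=$(( $up+28 )) down=$(( $down+28 ))  next=$(( $next+28 ))"

        # -M do sets the DF bit, so an oversized probe fails instead of being fragmented
        # (ping is called directly with quoted arguments, no eval needed)
        ret="$(ping -M do -I "$SRC" -s "$next" -c 1 -W 1 "$DEST" 2>&1)"
        # keep only the "received" count from the statistics line
        ret=${ret##*transmitted??}
        ret=${ret:0:1}
        # no statistics line at all (ping could not run): count as a failed probe
        case "$ret" in
                [0-9]) ;;
                *) ret=0 ;;
        esac
#       if [ "$ret" = "0" ]
#       then
#               #echo "$(( $next+28 )) ping failed"
#       elif [ "$ret" = "1" ]
#       then
#               #echo "$(( $next+28 )) ping ok"
#       else
#               #echo "$(( $next+28 )) not so ok?"
#       fi

        # search interval can no longer shrink: report the largest size that worked
        if [ "$prev" -eq "$next" ]
        then
                echo "$(( $down+28 ))"
                exit 0
        fi


        if [ "$ret" -eq 0 ]
        then
                up=$next
        else
                down=$next
        fi
        prev=$next
        next=$(( $up-(($up-$down)/2) ))
done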
---------------------------------------------------------------
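
Added example, not part of the original post or of Openswan: one way to check the text printed by the discovery script before it ends up in the route command. The function names `mtu_clause` and `build_route` are hypothetical, the bounds 100 and 1500 are the ones passed to the script above, and the route arguments in the demo line are constructed.

```shell
#!/bin/sh
# Added example (hypothetical helper names): validate what an MTU discovery
# helper printed before appending it to an "ip route" command line.

# mtu_clause RAW LOWER UPPER
# Prints "mtu N" when RAW is a plain decimal number within [LOWER, UPPER].
# Prints nothing and returns 1 otherwise.
mtu_clause() {
    raw=$1 lower=$2 upper=$3
    case "$raw" in
        '')        return 1 ;;   # helper printed nothing
        0*)        return 1 ;;   # leading zero: some parsers would read it as octal
        *[!0-9]*)  return 1 ;;   # error text, spaces, extra lines, signs
    esac
    [ "${#raw}" -le 5 ] || return 1          # keep the comparison within integer range
    [ "$raw" -ge "$lower" ] && [ "$raw" -le "$upper" ] || return 1
    printf 'mtu %s\n' "$raw"
}

# build_route VERB RAW_MTU ROUTE_ARGS...
# Returns the route command as a string, the way _updown builds $it.
# Falls back to a route without an mtu clause when RAW_MTU is unusable.
build_route() {
    verb=$1 rawmtu=$2
    shift 2
    if clause=$(mtu_clause "$rawmtu" 100 1500); then
        echo "ip route $verb $* $clause"
    else
        echo "ip route $verb $*"
    fi
}

# Demo with constructed values (192.0.2.0/24 is a documentation prefix).
build_route replace 1400 192.0.2.0/24 dev eth1
```
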



