[Openswan Users] stuck in STATE_MAIN_I3/STATE_MAIN_R2

Oskar Liljeblad oskar at osk.mine.nu
Wed Oct 13 09:23:58 CEST 2004

On Wednesday, October 13, 2004 at 07:59, Herbert Xu wrote:
> > 
> > Could it be the ISP blocking this packet? To test this possibility I set up
> > openswan on a third system (on a third ISP). 
> > 
> >   alpha-beta   fails as above
> >   alpha-third  fails as above
> >   beta-third   OK!
> Does ping -s 1472 beta/third work from alpha?

On alpha, without VPN:
ping -s 1472 beta   OK
ping -s 1473 beta   no reply
ping -s 1472 third  OK
ping -s 1473 third  no reply

On alpha, with VPN to beta:
ping -s 1472 beta   fails

When I try to find the maximum working packet size with ping with
the VPN enabled I get weird results: the first ping works. Then the next
time I try I might get

  From alpha icmp_seq=1 Frag needed and DF set (mtu = 1220)

and the lower in size I go, the lower the MTU reported by ping is:

  From alpha icmp_seq=1 Frag needed and DF set (mtu = 1108)


Oskar Liljeblad (oskar at osk.mine.nu)
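
The 1472/1473 boundary reported in the message above corresponds to a 1500-byte path MTU (1472 bytes of payload + 8-byte ICMP header + 20-byte IPv4 header). The same search written as a script, added here as an example and not part of the original post. It assumes Linux iputils `ping` (`-M do` sets DF) and that any size smaller than a passing size also passes; `fake_probe_1500` is a constructed stand-in so the search can be run offline.

```shell
#!/bin/sh
# Added example: bisect the largest ICMP payload that gets a reply with DF set.
# Usage on a live host (hypothetical name): max_payload beta 0 1472

# Default probe: one echo request of the given payload size, DF set,
# 2-second timeout. Arguments: <host> <payload_size>. Returns 0 on reply.
probe_ping() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# max_payload HOST LO HI [PROBE]
# Prints the largest size in [LO, HI] for which PROBE succeeds.
# Returns 1 without output if even LO fails (host unreachable or
# the tunnel passes nothing at all).
max_payload() {
    host=$1
    lo=$2
    hi=$3
    probe=${4:-probe_ping}
    "$probe" "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        # Round up so the loop always makes progress when hi = lo + 1.
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# path_mtu PAYLOAD
# IPv4 path MTU implied by an ICMP echo payload size:
# payload + 8 (ICMP header) + 20 (IPv4 header without options).
path_mtu() {
    echo $(( $1 + 28 ))
}

# Constructed stand-in probe: behaves like a path with MTU 1500,
# i.e. payloads up to 1472 bytes get a reply.
fake_probe_1500() {
    [ "$2" -le 1472 ]
}
```

Running it once without the tunnel and once with it gives the per-packet overhead the tunnel adds, which is the number to compare against the MTU values ping reports.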
