[Openswan Users] tcpdump + mtu

[Paul Wouters]

On Fri, 15 Oct 2004, Bernd Weber wrote:

> Do you have any idea about the second (and more pressing) problem with the 
> lost packets over pppoed?

Oh, I hadn't seen that part yet. Path mtu is a problem with the native 2.6 ipsec
stack. You can try lowering the mtu on both ends, or you can try to do some
iptables rile with tcp-mss clamping. Something like:

iptables -I FORWARD -s 0/0 -d 0/0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1440

Paul