[Openswan Users] MTU problems.
Martin Wickman
martin at wickman.com
Mon Sep 6 00:10:44 CEST 2004
Hello
Linux Openswan U2.1.5/K2.6.8.1- (native) (native) using x.509.
I've managed to set up a so-so working ipsec tunnel between my two
networks. Both NAT'ed, local net is a dialup ADSL, remote end is static.
The major issue is related to sending and receiving _large_ packets.
Using ethereal and others, I found out that the problem was MTU related.
I changed the MTU on my local machine to match the NAT-router I am using
(ADSL with MTU 1454) using 'ifconfig eth0 mtu 1454'. That made it
possible to _send_ any packets without any problems. Problem is that I
can only receive packets smaller than (I think) 1325 bytes from the
office network. Trying anything larger than that results in a stalled
connection. My guess is that fiddling with different MTU values will fix
this eventually, but:
1. How is it possible that my tunnel works without having made _any_
changes to the firewall/NAT-gateway? That is, nothing ipsec-related has
been enabled in the firewall.
2. Would fixing the firewall to forward the public ipsec-ports (TCP-50,
UDP-500 or whatnot) to my machine help me with this problem?
3. I have no ipsec0 interface so I have to change MTU manually on eth0.
Is there a better way to do this? (overridemtu did not help).
4. It seems an awful lot of work to get the MTU-values to match on all
involved networks (my ADSL vs. the office network). Is there a better
way to fix this?
/Thanks a lot for any hints!