[Openswan Users] Problems with Large Packets? - ps ax hangs in ssh - tunnel over wireless network

Markus Meissner mlist at meissner.IT
Wed Apr 20 23:16:48 CEST 2005


Tomasz Grzelak <mailto:tgrzelak at wktpolska.com.pl> wrote:
> Markus Meissner wrote:
>>> On the other hand you have another choice that worked for me - add the
>>> following rules to the iptables script:
>>> 
>>> $IPT -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1416
>>> 
>> Uah, 10 minutes later =) I have set the mtu on the client (the
>> ssh-server) to 1413 and it works! What I don't understand is that I
>> have to set the mtu on the "client" and one hop later, on the gateway,
>> it doesn't work. 
> 
> avoid this; changing mtu on all LAN interfaces is the last thing you
> should do; forget about it; try to find a solution not affecting hosts in
> LANs. IPSec should be transparent to hosts making connections.

You're right, that would be a bad solution. Playing with iptables I found
that I need a much lower mtu when setting it via iptables instead of
directly on the interface of the client (tested in steps of 10): 1250 is the
correct value for me, 1260 is too high. I have not made any performance tests
right now but the main thing is that it's working now with a good solution.
Thank you all and especially Thomas for motivating me to find a good solution
=)

-- 
Beste Grüße / best regards Markus Meissner
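
The thread sets one number as an interface MTU and another as a TCPMSS clamp; the two differ by the inner IPv4 and TCP headers, and the tunnel adds ESP overhead on top. The following is an added example, not part of the original post, that computes the largest inner packet and the matching `--set-mss` value for an IPv4 ESP tunnel-mode path. The two transforms and the NAT-T option are assumptions, since the thread does not say what the tunnel negotiates, and the path MTU is an input you have to measure.

```python
"""Added example: TCP MSS clamp value for an IPv4 ESP tunnel-mode path."""
from dataclasses import dataclass

IPV4_HDR = 20      # IPv4 header without options
TCP_HDR = 20       # TCP header without options
ESP_HDR = 8        # SPI + sequence number
ESP_TRAILER = 2    # pad-length + next-header bytes
NATT_UDP_HDR = 8   # UDP encapsulation (NAT-T), if in use


@dataclass(frozen=True)
class EspTransform:
    name: str
    iv_len: int     # IV carried in each packet
    block_len: int  # cipher block size; plaintext is padded to it
    icv_len: int    # truncated integrity check value


# Assumed transforms; the thread does not say which one the tunnel uses.
TDES_MD5 = EspTransform("3des-cbc/hmac-md5-96", 8, 8, 12)
AES_SHA1 = EspTransform("aes-cbc/hmac-sha1-96", 16, 16, 12)


def max_inner_packet(path_mtu, t, nat_t=False):
    """Largest inner IPv4 packet that fits in one ESP packet of path_mtu bytes."""
    room = path_mtu - IPV4_HDR - ESP_HDR - t.iv_len - t.icv_len
    if nat_t:
        room -= NATT_UDP_HDR
    # Inner packet + padding + trailer must be a whole number of blocks.
    room -= room % t.block_len
    inner = room - ESP_TRAILER
    if inner < IPV4_HDR + TCP_HDR + 1:
        raise ValueError("path MTU too small for this transform")
    return inner


def mss_clamp(path_mtu, t, nat_t=False):
    """Value for --set-mss: the inner packet minus inner IPv4 and TCP headers."""
    return max_inner_packet(path_mtu, t, nat_t) - IPV4_HDR - TCP_HDR


if __name__ == "__main__":
    for mtu in (1500, 1492):  # constructed sample path MTUs
        for t in (TDES_MD5, AES_SHA1):
            for nat_t in (False, True):
                print(mtu, t.name, "nat-t" if nat_t else "plain",
                      "inner", max_inner_packet(mtu, t, nat_t),
                      "mss", mss_clamp(mtu, t, nat_t))
```

The result is an upper bound for the given path MTU; a link with a smaller MTU anywhere between the gateways lowers it further.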


