[Openswan Users] L2TP/PPP authentication

Tomasz Grzelak tgrzelak at wktpolska.com.pl
Wed Apr 27 09:25:21 CEST 2005

Jacco de Leeuw wrote:

> Both sides run Linux? I would not recommend L2TP for such a setup.
> IPsec without L2TP is easier to use.

Sorry for interrupting the topic but I think it's right time to ask, how 
  do you handle issues with MTU when using plain IPSec?
If you had L2TP/PPP, you could set an MTU in ppp to some lower value to 
balance the overhead added by IPSec protocol encapsulation. I noticed 
that xp native (L2TP/PPP) clients had no MTU problem. Correct me if I am 

I configured a tunnel between two linux hosts running OpenSwan 2.2.0 
with plain IPSec, and no other layer 2 protocols, and I had big troubles 
to make rdp/vnc/smb connections work, while other light connections 
(example: telnet, ssh) worked fine.

I finally used the MSS target in the iptables script, and it all worked 
Unfortunatelly I am not able to check if Path-MTU (as I remember it is 
icmp [type 3, code 4]) would also work.
If you open a firewall for this icmp traffic, would it be enough?

I'd like to ask how you handle such problems.

Tomasz Grzelak

More information about the Users mailing list