[Openswan Users] L2TP/PPP authentication
Tomasz Grzelak
tgrzelak at wktpolska.com.pl
Wed Apr 27 09:25:21 CEST 2005
Jacco de Leeuw wrote:
> Both sides run Linux? I would not recommend L2TP for such a setup.
> IPsec without L2TP is easier to use.
Sorry for interrupting the topic, but I think it's the right time to ask: how
do you handle issues with MTU when using plain IPSec?
If you had L2TP/PPP, you could set the MTU in ppp to some lower value to
balance the overhead added by IPSec protocol encapsulation. I noticed
that XP native (L2TP/PPP) clients had no MTU problem. Correct me if I am
wrong.
I configured a tunnel between two Linux hosts running OpenSwan 2.2.0
with plain IPSec, and no other layer 2 protocols, and I had big trouble
making RDP/VNC/SMB connections work, while other light connections
(for example telnet, ssh) worked fine.
I finally used the MSS target in the iptables script, and it all worked
fine.
Unfortunately I am not able to check if Path-MTU (as I remember it is
ICMP [type 3, code 4]) would also work.
If you open a firewall for this ICMP traffic, would it be enough?
I'd like to ask how you handle such problems.
Tomasz Grzelak
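
Added example (not part of the original message): a calculation of how much room ESP tunnel mode leaves inside a 1500-byte link MTU and the TCP MSS value to clamp to, which shows why full-size segments (RDP, SMB) stall while small telnet/ssh packets pass. The cipher profiles, the 1500-byte MTU and all function names are assumptions; the post does not say which algorithms the tunnel used.

```python
# Added example: ESP tunnel-mode overhead and the matching TCP MSS clamp.
# Cipher parameters are assumptions; the post does not name the algorithms used.

OUTER_IP = 20     # new IPv4 header added by tunnel mode (no options)
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad-length + next-header bytes, encrypted with the payload
NAT_T_UDP = 8     # extra UDP header when ESP is UDP-encapsulated
INNER_HDRS = 40   # inner IPv4 (20) + TCP (20) headers, no options

# name -> (IV length, cipher block size, truncated ICV length), all in bytes
PROFILES = {
    "3des-cbc/hmac-md5-96": (8, 8, 12),
    "aes-cbc/hmac-sha1-96": (16, 16, 12),
}


def max_inner_packet(link_mtu, iv_len, block, icv_len, nat_t=False):
    """Largest inner IP packet that fits in one unfragmented ESP packet."""
    room = link_mtu - OUTER_IP - ESP_HDR - iv_len - icv_len
    if nat_t:
        room -= NAT_T_UDP
    # Ciphertext (payload + padding + trailer) must be a whole number of blocks.
    room -= room % block
    return room - ESP_TRAILER


def mss_for(link_mtu, iv_len, block, icv_len, nat_t=False):
    """TCP MSS that keeps every segment inside the tunnel's effective MTU."""
    return max_inner_packet(link_mtu, iv_len, block, icv_len, nat_t) - INNER_HDRS


def clamp_rule(mss):
    """iptables rule that rewrites the MSS option on forwarded SYN packets."""
    return ("iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN "
            f"-j TCPMSS --set-mss {mss}")


if __name__ == "__main__":
    for name, (iv, block, icv) in PROFILES.items():
        inner = max_inner_packet(1500, iv, block, icv)
        mss = mss_for(1500, iv, block, icv)
        # An Ethernet host advertises MSS 1460 by default, which is above this.
        print(f"{name}: effective MTU {inner}, MSS {mss}")
        print("  " + clamp_rule(mss))
```

The TCPMSS target also accepts `--clamp-mss-to-pmtu` instead of a fixed `--set-mss` value, which derives the MSS from the route's MTU.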