[Openswan Users] L2TP/PPP authentication ---> MTU problems

Tomasz Grzelak tgrzelak at wktpolska.com.pl
Wed Apr 27 16:21:55 CEST 2005

Jacco de Leeuw wrote:
>> Sorry for interrupting the topic but I think it's right time to ask, 
>> how do you handle issues with MTU when using plain IPSec?
> Sorry, you're asking the wrong guy. I have not had MTU problems
> (fortunately) so I can't really help.

so you are the lucky one :)

> How about using 'ifconfig eth0 mtu 1400' or some other value?

that's not an option; there is a lot of other traffic on the IPSec link

I just want to know how it should be solved best - establish 
PPP/L2TP/IPSec connections like xp clients do, or would be enough to let 
icmp [3,4] packets go through, so Path-MTU would be used, or... what else?

I used the MSS target in the iptables script, and it worked, but I think 
it isn't the right way, bacause it does not solve all problems, just TCP 

So, who else had the problem, and would like to share the knowledge of 
solving it?

Tomasz Grzelak

More information about the Users mailing list