[Openswan Users] Truncated IP Packets with more than packetsize of 480 bytes

foren titze foren.titze at gmx.net
Wed Aug 10 15:19:32 CEST 2005


Hello,

I have a strange problem.
I have set up an l2tpd/IPsec tunnel between Windows XP SP2 and Debian Openswan 2.4.0dr8 KLIPS kernel patch with NAT-T patch, kernel 2.6.11.12.

The situation is that I can ping into the tunnel and into the subnet behind the server, but neither SSH nor HTTP traffic is possible. All iptables masquerade rules are set right.

Along the way, it is now possible to grep on the ipsec0 interface built into the kernel.
There I have found this:
---
dialin-145-254-117-002.arcor-ip.net.l2f:  l2tp:[L](30/1) {IP 512: truncated-ip - 20 bytes missing!192.168.121.139 > 192.168.121.141: icmp: echo reply} (frag 49127:528 at 0+)
---

All packets smaller than 480 bytes can get through the tunnel; all others cannot.

The MTU of the ipsec0 interface is set to 1500; the ppp interface is set to MTU/MRU 1400 by the l2tpd.

Can anybody help me?

So nobody can use the tunnel intelligently.

thanks ben
