[Openswan Users]
Paul Wouters
paul at xelerance.com
Wed Aug 10 23:46:18 CEST 2005
On Wed, 10 Aug 2005, foren titze wrote:
> I have set up an l2tpd/ipsec tunnel between windows xp sp2 and debian openswan 2.4.0dr8 klips kernel patch with natt-patch kernel 2.6.11.12.
Odd, usually KLIPS works fine. Does ipsec --version confirm you are using
klips and not netkey?
> the situaltion is, that I can ping into the tunnel and in the subnet behind the server. But no ssh nor http traffic is possible. all iptables masquerade rules are set right.
>
> along this way it is now possible to grep on the ipsec0 interface build into the kernel.
> there I have found this:
> ---
> dialin-145-254-117-002.arcor-ip.net.l2f: l2tp:[L](30/1) {IP 512: truncated-ip - 20 bytes missing!192.168.121.139 > 192.168.121.141: icmp: echo reply} (frag 49127:528 at 0+)
> ---
>
> All packets smaller than 480 byte can get through the tunnel. all other not.
>
> the mtu of the ipsec0 interface is set to 1500, the ppp interface is set to mtu/mru 1400 by the l2tpd.
Michael? Do you have an idea what the problem is here?
Paul
More information about the Users
mailing list