[Openswan Users] L2TP/IPsec problem
Paul Wouters
paul at xelerance.com
Mon Aug 29 20:36:03 CEST 2005
On Mon, 29 Aug 2005, Nico Schmoigl wrote:
> L2tpd can't help here. That stuff is still at the phase of ipsec
> negotiations. Therefore l2tpd isn't involved here.
It is. By telling l2tp to make smaller packets, the ESP packets will also
be smaller and the espinudp will also be smaller.
> As already mentioned on the list, I now got it working. I decreased the size
> of the certificates (both of the CA and the used key itself) to the absolute
> minimum (I formerly used phpki from http://phpki.sf.net which adds additional
> x509v3 values like CRT, NSComments and all that stuff - look at my patch,
> which is available at the project's website!).
This seems a different problem of IKE packets not surviving fragmentation.
> If it helps you, I can send you a bunch of keys and certificates with which
> it works and another bunch with which it doesn't work. If the logfiles are
> also interesting for you, I can send them, too. Just drop me a short mail...
I think this is a known problem, but needs to be documented better. And fixed.
Paul