[Openswan Users] L2TP/IPsec problem

Nico Schmoigl nico at schmoigl-online.de
Mon Aug 29 19:51:48 CEST 2005


Paul Wouters wrote:

>>>>     plutodebug=all
>>>>     overridemtu=1500
>>>
>>>
>>> You could try a lower MTU here, say 1400 or so.
>>
>>
>> tried it with 1500, 1000, 500
>> no change at all
>
>
> override mtu will not help you if you use L2TP, which has its own mtu.
>
> Edit /etc/ppp/options.l2tpd and change the mtu and mru there to 500.
> This worked for our L2TP test case. Restart the l2tpd.
>
> We are still looking into this bug.
>
L2tpd can't help here. That stuff is still at the phase of ipsec 
negotiations. Therefore l2tpd isn't involved here.
As already mentioned on the list, I now got it working. I decreased the 
size of the certificates (both of the CA and the used key itself) to the 
absolute minimum (I formerly used phpki from http://phpki.sf.net which 
adds additional x509v3 values like CRT, NSComments and all that stuff - 
look at my patch, which is available at the project's website!).

If it helps you, I can send you a bunch of keys and certificates with 
which it works and another bunch with which it doen't work. If the 
logfiles are also interesting for you, I can send them, too. Just drop 
me a short mail...

Thanks for your help!


73
  Nico

--

EMail: nico at schmoigl-online.de
PGP-fingerprint: 5DDB 09E4 3FF3 CD09 7559  1117 9C03 46E3 38FC 9E03
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s-:-- a-- C++ UL++ P L+++ E- W++ N+ o- K- w
O- M- V- PS PE Y+ PGP++ t+ 5++ X R tv- b- DI- D
G e h-- r- y+
------END GEEK CODE BLOCK------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Please note my special spam and email virus information at
http://www.schmoigl-online.de/spam/spam.html . Thank you!

Bitte beachten Sie meine speziellen Informationen zu Spam und
EMail-Viren auf der Seite
http://www.schmoigl-online.de/spam/spam.html .
Vielen Dank!

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPwk70ZwDRuM4/J4DEQKc2gCg73ROAg86gwuECwjbOu8eRxMPRasAoI9Q
IZoZSWmFmSz0Dq53f7CsReUz
=1U0h
-----END PGP SIGNATURE-----




More information about the Users mailing list