[Openswan Users] L2TP/IPsec problem
Paul Wouters
paul at xelerance.com
Tue Aug 30 23:43:39 CEST 2005
On Tue, 30 Aug 2005, Nico Schmoigl wrote:
> Here's the interesting part of it: my current tests (further results below)
> show that the sequence
>
> transport (1), tunnel (2), transport (3)
>
> (1) does not work
> (2) works
> (3) works (!)
Odd
> mmhm... my current tests don't really show the impact of MTU/MRU values on
> this issue. I think, that I observered another, more overlaying issue. If
> using "big certificates", rebooting of the Windows client does matter!
Okay, you probably did not clear all the IKE/ISAKMP stuff in windows.
You would probably achieve the same by restarting the "IPsec" service.
> At http://www.schmoigl-online.de/ipsec/debugging.tar.bz2 you'll find a
> documentation package of my latest testings on this issue. Here's the
> environment in which these tests happend:
Thanks for the files and the extensive bughinting. I'll have a look at it
later.
> In short: If you have a big certificate installed and you reboot your client,
> chances are good, that you may not connect anymore. However, with small
> certificates, it doesn't matter to reboot the client.
At least if this is the case, it is not something we can fix easilly.
Paul
More information about the Users
mailing list