[Openswan Users] gre tunnels and klips

Guillermo Ontañón gontanon at pandasoftware.es
Wed Dec 14 10:19:20 CET 2005


On Wed, 2005-12-07 at 18:57 +0100, Paul Wouters wrote:
> This is a known problem and will be fixed in the next release. A
> workaround for you might be to add fragicmp=no.

Hi Paul,

Here's some more info on this issue, in case it helps. 

I'm using Openswan 2.4.4 + klips on Linux 2.4.31. I'm seeing this
problem when making SMB connections through the tunnel to a Windows box
in the subnet behind the Openswan gateway. The Openswan gateway is
sending ICMP frag-needed packets whenever the Windows machine sends a
TCP SYN+ACK packet (I have a packet capture, tell me if you need it).
The ICMP packets have the "mtu of next hop" field set to 0.

To make things worse, this is triggering a bug in some Windows (tested
w2k, XP and 2003) operating systems that makes most of them crash.
Microsoft published a hotfix in June that fixes this issue, but
unpatched w2k and w2003 machines invariably crash.

Here's some more info:

http://support.microsoft.com/default.aspx?scid=kb;en-us;829120

Openswan 2.3.1 on the same kernel does not have this problem.

-- 
Guillermo Ontañón <gontanon at pandasoftware.es>
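
A way to spot the condition reported in this message in a capture, added here as an example and not part of the original post or of Openswan: it parses a raw IPv4 packet and flags ICMP "fragmentation needed" (type 3, code 4) messages whose next-hop MTU field is below 68, which includes the 0 value described above. The function names, the 68-byte threshold and the sample packets are assumptions made for this illustration.

```python
import struct

# Assumption for this example: treat any advertised MTU below the IPv4
# minimum of 68 bytes (RFC 791) as worth flagging. Routers that predate
# RFC 1191 leave this field at 0, so a hit is a lead, not proof of a fault.
MIN_IPV4_MTU = 68


def check_frag_needed(packet: bytes):
    """Return (src, dst, next_hop_mtu, suspicious) for an ICMP type 3 code 4
    message, or None if the packet is anything else or is truncated."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # not IPv4, or too short for a header
    ihl = (packet[0] & 0x0F) * 4         # header length in bytes
    frag_offset = struct.unpack_from("!H", packet, 6)[0] & 0x1FFF
    if ihl < 20 or packet[9] != 1 or frag_offset != 0:
        return None                      # bad IHL, not ICMP, or a later fragment
    if len(packet) < ihl + 8:
        return None                      # ICMP header cut off
    # ICMP header for type 3/code 4 (RFC 1191):
    # type, code, checksum, unused (16 bits), next-hop MTU (16 bits)
    icmp_type, icmp_code, _cksum, _unused, mtu = struct.unpack_from(
        "!BBHHH", packet, ihl)
    if (icmp_type, icmp_code) != (3, 4):
        return None
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    return src, dst, mtu, mtu < MIN_IPV4_MTU


def build_sample(mtu: int) -> bytes:
    """Constructed test input: IPv4 + ICMP headers only, checksums left at
    zero, documentation-range addresses, no embedded original datagram."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu)
    return ip + icmp


if __name__ == "__main__":
    for sample_mtu in (0, 1400):
        print(check_frag_needed(build_sample(sample_mtu)))
```
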


