[Openswan Users] Unusual packet loss
Paul Wouters
paul at xelerance.com
Mon Jan 24 13:35:37 CET 2005
On Mon, 24 Jan 2005, Philip Burrow wrote:
> I have since altered the MTU in gradual steps on -both- machines
> simultaneously (steps of 50 from 1500 to 1000), yet it still drops pings when
> I restart ipsec, and data streams seem to stop after the first bunch of data
> as described in the original post.
Can you try clamping it?
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
Otherwise, try pinging with different size packets until it fails, and then use
the last successful packet size (e.g. 1440) to:
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1440
Also, perhaps that DSL router is blocking ICMPs necessary for proper PMTU to
begin with?
Paul
--
"At best it is a theory, at worst a fantasy" -- Michael Crichton
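The ping-until-it-fails procedure from the reply above, automated as a binary search. This is an added example, not part of the original post. It assumes Linux iputils ping (-M do sets DF) and IPv4 with no TCP options, and it derives the MSS from the largest ICMP payload by accounting for header overhead; HOST is a placeholder address.

```shell
#!/bin/sh
# Added example, not from the original post.
HOST="${HOST:-192.0.2.1}"   # placeholder: a host on the far side of the tunnel

# probe SIZE: succeed if an echo with SIZE payload bytes and DF set is answered.
# Three attempts, so one packet lost for unrelated reasons is not read as
# "too big" (ping exits 0 if at least one reply arrives).
probe() {
    ping -c 3 -W 2 -M do -s "$1" "$HOST" >/dev/null 2>&1
}

# max_payload LO HI: largest payload in [LO, HI] that probe accepts.
# Prints the size; returns 1 if even LO gets no reply.
max_payload() {
    lo=$1
    hi=$2
    probe "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# mss_for_payload SIZE: payload + 28 (IPv4 20 + ICMP 8) is the usable path MTU;
# the TCP MSS is that MTU minus 40 (IPv4 20 + TCP 20).
mss_for_payload() {
    echo $(( $1 + 28 - 40 ))
}

# clamp_rule MSS: print the fixed-MSS rule in the form used in the thread.
clamp_rule() {
    echo "iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $1"
}

main() {
    size=$(max_payload 500 1472) || {
        echo "no reply at 500 bytes: ICMP may be filtered" >&2
        return 1
    }
    clamp_rule "$(mss_for_payload "$size")"
}

# Only touch the network when invoked as: sh script.sh run
if [ "${1:-}" = "run" ]; then main; fi
```

If the search fails at the lower bound, check for ICMP filtering before settling on a fixed MSS, since a silent drop looks the same as an oversized packet.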