[Openswan Users] Unusual packet loss
Philip Burrow
philburrow at blueyonder.co.uk
Mon Jan 24 13:39:59 CET 2005
Paul Wouters wrote:
> Can you try clamping it?
>
> iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS
> --clamp-mss-to-pmtu
Tried this on both ends, no luck.
> Otherwise, try pinging with different size packets until it fails, and
> then use
> the last successful packet size (eg 1440) to:
>
> iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1440
Worked this down to 1430 and tried the command you specified but again
it did not seem to change anything.
> Also, perhaps that DSL router is blocking ICMP's neccessary for proper
> PMTU to
> begin with?
If it was, would the tunnels come up with no errors to begin with? Each
of my tunnels comes up with IPSec SA Established, as you would expect.
I will try replacing the router with one I know works. The "dodgy"
router is a 2wire Homeportal 1800 if that helps. The name "Homeportal"
makes me think it's probably doing things to cause this problem.
Would KLIPS help me? I built Openswan RPMs from the SRPM so I have a
KLIPS one (which I have now installed). Is it a simple configuration
edit to change it to KLIPS?
Thanks Paul.
Regards,
Phil
More information about the Users
mailing list