[Openswan Users] Unusual packet loss

Paul Wouters paul at xelerance.com
Mon Jan 24 15:19:44 CET 2005


On Mon, 24 Jan 2005, Philip Burrow wrote:

>> Also, perhaps that DSL router is blocking ICMP's neccessary for proper PMTU 
>> to
>> begin with?
>
> If it was, would the tunnels come up with no errors to begin with? Each of my 
> tunnels comes up with IPSec SA Established, as you would expect.

Depends on the configuration. If the IPsec packets on udp 500 are small enough,
it would work, and only later on would you see problems for larget (tcp) packets.

> I will try replacing the router with one I know works. The "dodgy" router is 
> a 2wire Homeportal 1800 if that helps. The name "Homeportal" makes me think 
> it's probably doing things to cause this problem.

Never heard of it, so I can't say anything about it. Google doesn't find much
eioher.

> Would KLIPS help me? I built Openswan RPMs from the SRPM so I have a KLIPS 
> one (which I have now installed). Is it a simple configuration edit to change 
> it to KLIPS?

Just make sure to unload the af_key and esp4 modules and modprobe ipsec, and
you've switched. But be aware that KLIPS is experimental on 2.6. One known
problem is that unloading the module does not work. On RedHat (ix86) kernels it
causes a freeze up when a tunnel gets established.

Paul
-- 

"At best it is a theory, at worst a fantasy" -- Michael Crichton



More information about the Users mailing list