[Openswan Users] ping works but others applications don't

Paul Wouters paul at xelerance.com
Wed Jan 26 13:12:59 CET 2005

On Tue, 25 Jan 2005, Glover George wrote:

> Hi, I get the same problem as well, but most people write it off ass
> mtu problems.  I have exactly the same symptons, just on fedora core
> 3.  There must be some step missing from the documentation that
> everyone else "knows" about.  When you perform the ping and it comes
> back, but nothing else does, ....do you see "any" replies coming back
> to the machine on the original subnet?  Although nothing other than
> ping works for me, i do see some packet replies (with tcpdump on the
> original sending machine) come all the way back, but can't figure out
> why the applications aren't seeing it.

- Make sure the xfrm4_tunnel kernel module is loaded, or disable compression.
- overridemtu= is not supported for NETKEY
- PMTU is not supported by NETKEY, you can try tcpmiss clamping.
- Try KLIPS instead of NETKEY if you have these problems. Do not use RedHat
   kernel sources for this, since one of their patches causes KLIPS to kill
   your machine. We have not yet pinned this change down.

Indeed, this question has come to this list for many times since NETKEY saw
serious usage as a result of Openswan being included into Fedora Core.


More information about the Users mailing list