[Openswan Users] ping works but others applications don't

Paulo Ricardo Bruck pauloric at contato.com.br
Thu Jan 27 13:46:19 CET 2005 

Em Qua, 2005-01-26 às 13:12 +0100, Paul Wouters escreveu:
> On Tue, 25 Jan 2005, Glover George wrote:
> 
> > Hi, I get the same problem as well, but most people write it off ass
> > mtu problems.  I have exactly the same symptons, just on fedora core
> > 3.  There must be some step missing from the documentation that
> > everyone else "knows" about.  When you perform the ping and it comes
> > back, but nothing else does, ....do you see "any" replies coming back
> > to the machine on the original subnet?  Although nothing other than
> > ping works for me, i do see some packet replies (with tcpdump on the
> > original sending machine) come all the way back, but can't figure out
> > why the applications aren't seeing it.
> 
> - Make sure the xfrm4_tunnel kernel module is loaded, or disable compression.
> - overridemtu= is not supported for NETKEY

ok disabling overridemtu
ok disabling compression

> - PMTU is not supported by NETKEY, you can try tcpmiss clamping.
you mean :
tcpmss
       This matches the TCP MSS (maximum segment size) field of the TCP
header.
       You  can  only  use this on TCP SYN or SYN/ACK packets, since the
MSS is
       only negotiated during the TCP handshake at connection startup
time.

       [!] --mss value[:value]"
              Match a given TCP MSS value or range.


> - Try KLIPS instead of NETKEY if you have these problems. Do not use RedHat
>    kernel sources for this, since one of their patches causes KLIPS to kill
>    your machine. We have not yet pinned this change down.
> 
> Indeed, this question has come to this list for many times since NETKEY saw
> serious usage as a result of Openswan being included into Fedora Core.
> 
> Paul

Hi Paul, Glover and list

There is something strange cause I can see packets coming and going from
both machines but I can't , using lynx for example at another lan , see
any page from My desktop w/ apache ....
I don't use fedora . I use debian sarge + openswan.


thanks in advanced

-- 
Paulo Ricardo Bruck - consultor
Contato Global Solutions
tel 011 5031-4932  fone/fax 011 5034-1732  cel 011 9235-4327

More information about the Users mailing list