[Openswan Users] ping works but others applications don't

RITTER, Philippe phr at cdm.smis.ch
Sun Jan 30 18:50:16 CET 2005


Hello

I'm sorry to come back with my problem, but what else can I do to have my
VPN working correctly (Running VNC for example ?) ?

You can I use KLIPS ?

Thanks in advance !

Best regards
Philippe RITTER

-----Message d'origine-----
De: RITTER, Philippe
A: 'users at openswan.org'
Date: 27.01.05 21:49
Objet: RE: [Openswan Users] ping works but others applications don't

I tried all of them, but nothing help. Should I try a newer kernel ? Or
openswan 2.3.0 ?

Thanks for you help

-----Message d'origine-----
De: Paul Wouters
A: RITTER, Philippe
Cc: 'users at openswan.org'
Date: 27.01.05 20:22
Objet: RE: [Openswan Users] ping works but others applications don't

On Thu, 27 Jan 2005, RITTER, Philippe wrote:

> My client is a WinXP. I can open the vpn and ping a remote host in my
net,
> and also with a size from 8192 bytes. I get them back.

Try changing the mtu on the windows box:
http://www.winguides.com/registry/display.php/280/

Lower the mtu to 1400.

> in my kern.log:
> kernel: pmtu discovery on SA ESP/1f0c6ebb/534c0433
> last message repeated 4 times

Oh good, it logs the message now. I wonder if the kernel people are now
working on
implementing pmtu for ipsec. I really hope so....

On the openswan gateway you can try:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS
--clamp-mss-to-pmtu

Or if that fails:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss
1440

Or try using KLIPS instead of NETKEY (but KLIPS currently does not have
NAT-T on the
2.6 kernel)

Paul
_______________________________________________
Users mailing list
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users


More information about the Users mailing list