[Openswan Users] ping works but others applications don't
RITTER, Philippe
phr at cdm.smis.ch
Sun Jan 30 18:50:16 CET 2005
Hello
I'm sorry to come back with my problem, but what else can I do to have my
VPN working correctly (running VNC, for example)?
Can I use KLIPS?
Thanks in advance!
Best regards
Philippe RITTER
-----Original Message-----
From: RITTER, Philippe
To: 'users at openswan.org'
Date: 27.01.05 21:49
Subject: RE: [Openswan Users] ping works but others applications don't
I tried all of them, but nothing helps. Should I try a newer kernel? Or
openswan 2.3.0?
Thanks for your help
-----Original Message-----
From: Paul Wouters
To: RITTER, Philippe
Cc: 'users at openswan.org'
Date: 27.01.05 20:22
Subject: RE: [Openswan Users] ping works but others applications don't
On Thu, 27 Jan 2005, RITTER, Philippe wrote:
> My client is a WinXP. I can open the vpn and ping a remote host in my net,
> and also with a size from 8192 bytes. I get them back.
Try changing the mtu on the windows box:
http://www.winguides.com/registry/display.php/280/
Lower the mtu to 1400.
> in my kern.log:
> kernel: pmtu discovery on SA ESP/1f0c6ebb/534c0433
> last message repeated 4 times
Oh good, it logs the message now. I wonder if the kernel people are now
working on implementing pmtu for ipsec. I really hope so....
On the openswan gateway you can try:
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
Or if that fails:
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1440
Or try using KLIPS instead of NETKEY (but KLIPS currently does not have
NAT-T on the 2.6 kernel)
Paul
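
The MTU and MSS advice in this thread comes down to ESP encapsulation overhead. As an added example (not part of the thread), this Python code computes how much an inner packet grows under IPv4 ESP tunnel mode and the largest TCP MSS that still fits a path MTU. The cipher suites, the 1500-byte path MTU and all function names are assumptions; the thread does not say what the tunnel negotiated.

```python
# Added illustration (not from the thread): IPv4 ESP tunnel-mode size arithmetic.
# Cipher parameters and the 1500-byte path MTU are assumptions; the thread
# does not state which algorithms the tunnel negotiated.

IP_HDR = 20       # IPv4 header without options
TCP_HDR = 20      # TCP header without options
ESP_HDR = 8       # SPI (4) + sequence number (4)
ESP_TRAILER = 2   # pad length (1) + next header (1)
NATT_UDP = 8      # UDP encapsulation header used by NAT-T

# name -> (cipher block size, IV length, ICV length), all in bytes
SUITES = {
    "3des-sha1": (8, 8, 12),      # 3DES-CBC with HMAC-SHA1-96
    "aes128-sha1": (16, 16, 12),  # AES-CBC with HMAC-SHA1-96
}


def esp_packet_size(inner_len, suite, natt=False):
    """Size on the wire of an inner IP packet after ESP tunnel encapsulation."""
    block, iv, icv = SUITES[suite]
    # Payload plus trailer is padded up to a multiple of the cipher block size.
    padded = -(-(inner_len + ESP_TRAILER) // block) * block
    return IP_HDR + (NATT_UDP if natt else 0) + ESP_HDR + iv + padded + icv


def max_inner_packet(path_mtu, suite, natt=False):
    """Largest inner IP packet whose ESP packet still fits in path_mtu."""
    block, iv, icv = SUITES[suite]
    fixed = IP_HDR + (NATT_UDP if natt else 0) + ESP_HDR + iv + icv
    room = (path_mtu - fixed) // block * block  # whole cipher blocks only
    return room - ESP_TRAILER


def max_tcp_mss(path_mtu, suite, natt=False):
    """Largest TCP MSS that avoids fragmentation of the ESP packet."""
    return max_inner_packet(path_mtu, suite, natt) - IP_HDR - TCP_HDR


if __name__ == "__main__":
    for suite in SUITES:
        for natt in (False, True):
            print(suite, "NAT-T" if natt else "plain",
                  "max inner packet:", max_inner_packet(1500, suite, natt),
                  "max MSS:", max_tcp_mss(1500, suite, natt))
    # A full 1500-byte inner packet grows past a 1500-byte path MTU ...
    print(esp_packet_size(1500, "3des-sha1"))
    # ... while the 1400-byte client MTU suggested in the thread fits.
    print(esp_packet_size(1400, "3des-sha1"))
```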