[Openswan Users] pmtu discovery on SA

Ken Bantoft ken at xelerance.com
Tue Mar 22 21:43:13 CET 2005

On Tue, 22 Mar 2005, martin f krafft wrote:

> also sprach Scott Mcdermott <smcdermott at questra.com> [2005.03.22.0029 +0100]:
> > Are you using Linux 2.6?
> Yes, and in-kernel IPsec (not KLIPS).
> > I saw a whole flurry of IPESC PMTU fixes go to netdev at oss.sgi.com
> > recently.
> Okay, so maybe this will be fixed and it's not my problem? I can't
> believe that noone has seen this before though.

MTU issues with the build-in IPsec stack are common, and reported over the 
past year many times... so it's seen every week or so.

Normally, people work around it, with either iptables, or changing the 
route add command to add 'mtu 1400' or similar to the end.  Both are 
hacks, but seem to solve the immediate problems.


More information about the Users mailing list