[Openswan Users] pmtu discovery on SA
ken at xelerance.com
Tue Mar 22 21:43:13 CET 2005
On Tue, 22 Mar 2005, martin f krafft wrote:
> also sprach Scott Mcdermott <smcdermott at questra.com> [2005.03.22.0029 +0100]:
> > Are you using Linux 2.6?
> Yes, and in-kernel IPsec (not KLIPS).
> > I saw a whole flurry of IPESC PMTU fixes go to netdev at oss.sgi.com
> > recently.
> Okay, so maybe this will be fixed and it's not my problem? I can't
> believe that noone has seen this before though.
MTU issues with the build-in IPsec stack are common, and reported over the
past year many times... so it's seen every week or so.
Normally, people work around it, with either iptables, or changing the
route add command to add 'mtu 1400' or similar to the end. Both are
hacks, but seem to solve the immediate problems.
More information about the Users