[Openswan Users] ICMP Packet Size Limit?

Phillip T. George phillip at eacsi.com
Wed May 4 15:19:31 CEST 2005 

It seems from a client perspective I can do even less traffic...I can't 
even do 64 bytes between 2 windows clients! This is obviously not an 
ICMP-only issue.

Here's what a 32-byte ping(4) looks like over tcpdump:
14:15:30.754483 IP 192.168.0.21 > 192.168.192.10: icmp 40: echo request 
seq 21970
14:15:31.759328 IP 192.168.0.21 > 192.168.192.10: icmp 40: echo request 
seq 22226
14:15:32.760207 IP 192.168.0.21 > 192.168.192.10: icmp 40: echo request 
seq 22482
14:15:33.769269 IP 192.168.0.21 > 192.168.192.10: icmp 40: echo request 
seq 22738

Here's what a 64-byte ping(4) looks like over tcpdump:
<nothing>

Here's what an attempted RDP connection looks like over tcpdump:
14:16:50.204525 IP 192.168.0.21.4080 > 192.168.192.10.3389: S 
3549076622:3549076622(0) win 65535 <mss 1460,nop,nop,sackOK>
14:16:50.236829 IP 192.168.0.21.4080 > 192.168.192.10.3389: . ack 
510505563 win 65535
14:16:50.242137 IP 192.168.0.21.4080 > 192.168.192.10.3389: P 0:36(36) 
ack 1 win 65535
14:16:53.298879 IP 192.168.0.21.4080 > 192.168.192.10.3389: . ack 12 win 
65524
14:17:20.216894 IP 192.168.0.21.4080 > 192.168.192.10.3389: P 448:457(9) 
ack 12 win 65524
14:17:20.224592 IP 192.168.0.21.4080 > 192.168.192.10.3389: F 457:457(0) 
ack 12 win 65524

Then of course the windows client says that the connection timed out.

Any clues?

Thanks,
Phillip


Phillip T. George wrote:

> Hello all,
>
> I'm having some trouble with getting IPsec working on FC3 a bit 
> still.  The connection establishes and all and I can ping locations on 
> the other side and communicate minorly, but I can't seem to establish 
> any kind of connection thru the VPN (tried SSH and RDP).  I also 
> noticed that the maximum I can ping with is 296 bytes (-s 288).  Is 
> there some kind of ICMP packet size limit thru IPsec with openswan?  
> If not, what is the deal here?
>
> Thanks,
> Phillip
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users

More information about the Users mailing list