[Openswan Users] FW: VPN works, but you can't eBay ;-)
Miguel Dilaj
mdilaj at nccglobal.com
Tue May 17 12:07:21 CEST 2005
Hi all,
In general if you start Ethereal and have a look at the frame sizes you can
"tweak" it to appropriate values.
I found that the overhead was something below 30 bytes (I don't remember the
exact value), so 1400 is fine. Some machines have 1300 because of testing.
For the sake of information, in Ethernet it has to be maximum 1500.
Cheers,
Miguel
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: 17 May 2005 10:28
To: Miguel Dilaj
Cc: users at openswan.org
Subject: RE: [Openswan Users] FW: VPN works, but you can't eBay ;-)
On Tue, 17 May 2005, Miguel Dilaj wrote:
> Another user raised an issue when trying to connect to MSN (the
> instant messenger, not the website). It seems that he can't logon. I
> can connect with no problem, so basically it's exactly the same issue
> (will have a look at the output of ipsec auto --status later).
I can confirm this. I am on tunneled IP, and I need to lower my mtu to 1400
for hotmail (website) and msn(website and IM) and jabber (IM) to work.
Likely those sites are dropping icmp packets needed for path mtu discovery.
Paul
***********************************************************************************************************
DISCLAIMER:
This e-mail contains proprietary information, some or all of which may be legally privileged.
It is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail,
please notify the author by replying to this e-mail. If you are not the intended recipient you may not use,
disclose, distribute, copy, print or rely on this e-mail.
***********************************************************************************************************
More information about the Users
mailing list